
Answer-first summary for fast verification
Answer: Create a workforce identity pool and federate the identity pool with the identity provider (IdP) of the temporary partner team.
Option B is correct because it uses Google Cloud's Workforce Identity Federation to federate with the partner's identity provider (IdP). Access is then tied to the partner's own identity lifecycle: when a team member is removed from their employer's IdP, they lose access to Google Cloud resources without any manual intervention. This meets the requirement for automatic access revocation and follows Google Cloud best practices for managing external identities. Option A (temporary usernames and passwords) is less secure and depends on manual cleanup, which risks orphaned accounts. Option C (just-in-time privileged access) addresses temporary elevated privileges, not the ongoing access the team needs, and does not manage identity lifecycle. Option D (adding the partner identities to your own IdP) requires manual updates and does not automatically revoke access when employment at the partner organization ends.
Author: LeetQuiz Editorial Team
Your organization has engaged a temporary partner team for 18 months to collaborate with your DevOps team on a Google Cloud-hosted application. You need to grant this team access to the application's resources and ensure their access is automatically revoked if they are no longer employed by the partner organization. What is the recommended approach?
A. Create a temporary username and password for the temporary partner team members. Auto-clean the usernames and passwords after the work engagement has ended.
B. Create a workforce identity pool and federate the identity pool with the identity provider (IdP) of the temporary partner team.
C. Implement just-in-time privileged access to Google Cloud for the temporary partner team.
D. Add the identities of the temporary partner team members to your identity provider (IdP).