Google Professional Cloud Security Engineer

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Use Google Cloud Directory Sync to synchronize the data in Google domain with your existing Active Directory or LDAP server.

The question requires maintaining existing Active Directory/LDAP user management and SSO password flow for GCP Console access. Option B (Google Cloud Directory Sync) is the correct choice because it synchronizes user identities from on-premises AD/LDAP to Google Cloud Identity while preserving the existing authentication flow. This allows users to continue using their current SSO credentials while providing GCP access. Option A is incorrect as manual synchronization is impractical for large user bases and doesn't scale. Option C is invalid as GCP doesn't support direct Kerberos authentication. Option D is incorrect because while OIDC is a valid federation method, it doesn't maintain the 'existing SSO password' requirement specified in the question - OIDC would require users to authenticate through a different flow rather than preserving their current password-based SSO experience. The community discussion strongly supports B with 91% consensus and references official Google documentation.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Use Google Cloud Directory Sync to synchronize the data in Google domain with your existing Active Directory or LDAP server.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

Your organization is migrating infrastructure to Google Cloud and needs to provide a large number of users with access to the GCP Console. The Identity Management team wants to continue managing users using an existing on-premises Active Directory or LDAP server and maintain the existing Single Sign-On (SSO) password flow. What should you do?

Exam-Like