Answer-first summary for fast verification
Answer: Configure Cloud Directory Sync with their directory service to provision and deprovision users from Cloud Identity.
The correct answer is C because Cloud Directory Sync is specifically designed to automate user provisioning and deprovisioning between an organization's directory service (like Active Directory) and Cloud Identity. This ensures that when an employee is terminated in the directory service, their Cloud Identity account is automatically deprovisioned, aligning with the requirement for automatic deprovisioning. Option A and D are incorrect as they focus on removing IAM permissions, which does not deprovision the account itself. Option B is less suitable because using the Cloud SDK for provisioning/deprovisioning requires manual intervention and is not automated, unlike Cloud Directory Sync. The community discussion strongly supports C with high upvotes and references to Google's documentation on automated provisioning.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A customer has terminated an engineer and needs to ensure the engineer's Google Cloud account is automatically deprovisioned. What should they do?
A
Use the Cloud SDK with their directory service to remove their IAM permissions in Cloud Identity.
B
Use the Cloud SDK with their directory service to provision and deprovision users from Cloud Identity.
C
Configure Cloud Directory Sync with their directory service to provision and deprovision users from Cloud Identity.
D
Configure Cloud Directory Sync with their directory service to remove their IAM permissions in Cloud Identity.