Google Professional Cloud Security Engineer

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have ג€user email addressג€ as the attribute to facilitate one-way sync.

Option A is correct because Google Cloud Directory Sync (GCDS) is specifically designed for one-way synchronization from on-premises LDAP directories to Google Cloud Identity, which includes Cloud IAM. Using 'user email address' as the LDAP search attribute ensures that security groups with email addresses are properly synced. The community discussion strongly supports A with 100% consensus and 11 upvotes, citing official Google documentation that confirms GCDS only supports one-way sync. Option B is incorrect because GCDS does not support bidirectional synchronization. Options C and D are less suitable as they suggest using generic management tools and creating groups manually, which is inefficient and error-prone compared to the automated, purpose-built GCDS solution.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have ג€user email addressג€ as the attribute to facilitate one-way sync.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

You are the Security Admin for your company. You need to synchronize all security groups that have an email address from your on-premises LDAP directory to Cloud IAM. What should you do?

Exam-Like

Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have ג€user email addressג€ as the attribute to facilitate one-way sync.

Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have ג€user email addressג€ as the attribute to facilitate bidirectional sync.

Use a management tool to sync the subset based on the email address attribute. Create a group in the Google domain. A group created in a Google domain will automatically have an explicit Google Cloud Identity and Access Management (IAM) role.

Use a management tool to sync the subset based on group object class attribute. Create a group in the Google domain. A group created in a Google domain will automatically have an explicit Google Cloud Identity and Access Management (IAM) role.