Google Cloud Professional Cloud Security Engineer Practice Exam

How can application teams be restricted to adding only internal users to their Google Cloud groups?

• A. Implement IP whitelisting
• B. Change group configuration in Google Workspace Admin console
• C. Utilize roles with specific permissions
• D. Restrict group membership to admins only

The correct answer is: Change group configuration in Google Workspace Admin console

The ability to restrict application teams to adding only internal users to their Google Cloud groups can be effectively managed through the configuration settings in the Google Workspace Admin console. By modifying the group settings, administrators can control who can become a member of the groups, defining whether users can invite others and the types of users that can be added. This approach allows for precise management of group membership, ensuring that only designated internal users are allowed within the groups, thus enhancing security and maintaining compliance with organizational policies regarding access and data sharing. It also enables the enforcement of best practices related to identity and access management, which is critical in maintaining a secure cloud environment. While other options suggest methods that could relate to security or user management, they do not specifically address the requirement to restrict group membership to internal users. For instance, IP whitelisting is primarily for controlling access based on network locations and does not specifically pertain to user membership within groups. Utilizing roles with specific permissions can help manage actions teams can take, but it does not inherently limit the user base of groups to internal users. Lastly, restricting group membership to admins only limits participation and is not practical for application teams that require collaboration among their members.