Google Cloud Professional Cloud Security Engineer Practice Exam

To reduce the risk of Google Cloud account compromise, what should be configured after SSO?

• A. OAuth 2.0 permissions
• B. Post-SSO 2-Step Verification with security keys
• C. Service account permissions monitoring
• D. Federated identity settings

The correct answer is: Post-SSO 2-Step Verification with security keys

Configuring 2-Step Verification with security keys after setting up Single Sign-On (SSO) is a critical step in strengthening account security. By adding 2-Step Verification, you introduce an additional layer of protection that goes beyond just the username and password used for SSO access. While SSO simplifies the user authentication process by allowing for the use of a single set of credentials to access multiple applications, it can also present a risk if those credentials are compromised. When 2-Step Verification is enabled, users are required to provide a second form of verification—typically a one-time code sent to a mobile device or generated via an authenticator app, or in this case, a physical security key. This significantly increases the difficulty for unauthorized users to gain access to the account, as they would need both the password and the second factor (the security key) to log in successfully. In contrast, OAuth 2.0 permissions focus on authorizing third-party applications rather than directly addressing the authentication process for user accounts. Service account permissions monitoring is essential for maintaining proper access controls, but it does not impact user authentication security. Federated identity settings manage cross-domain authentication but do not provide the immediate extra security that 2-Step Verification offers. Therefore,