Google Cloud Professional Cloud Security Engineer Practice Exam

Which method is appropriate for ensuring that manually created users in Google Cloud are disabled during LDAP synchronization?

• A. Set up an alert policy
• B. Configure GCDS to suspend domain users not found in LDAP
• C. Remove all manual users beforehand
• D. Disable LDAP integration temporarily

The correct answer is: Configure GCDS to suspend domain users not found in LDAP

The correct method to ensure that manually created users in Google Cloud are disabled during LDAP synchronization is to configure GCDS (Google Cloud Directory Sync) to suspend domain users not found in LDAP. This approach aligns with the purpose of GCDS, which aims to synchronize your Google Workspace users with your LDAP directory effectively. By using GCDS to suspend users that do not have corresponding entries in the LDAP directory, you can automate the management of user accounts. This allows for the maintenance of a clean and synchronized user base without the need for manual intervention each time an LDAP sync occurs. If a manually created user does not exist in LDAP, configuring GCDS to suspend that user ensures that the account is not inadvertently active and continues to receive access to resources. Other options, such as setting up an alert policy or temporarily disabling LDAP integration, do not directly address the need to manage user accounts during the synchronization process. Removing all manual users beforehand can be impractical and might not be feasible if there is a need to retain those accounts temporarily for various reasons. Consequently, configuring GCDS to suspend users not found in LDAP provides the most effective, automated solution for maintaining the integrity of your user management system in a Google Cloud environment.