Question-22: A server that maintains network and identity security, acting as the gatekeeper for user authentication and authorisation to access IT resources inside the domain, is known as a domain controller. The most prevalent kind of server that performs this function is Microsoft Active Directory. A domain controller centrally administers access for users, personal computers, and other servers on the network, and it does so by employing AD. Active Directory is a database used to organise the people and machines associated with your organisation. Your company would like to begin using resources from Google Cloud, but would like to keep its on-premises Active Directory domain controller for identity management. What action should you take?
A. To authenticate against the Active Directory domain controller, make use of the Admin Directory Application Programming Interface.
B. Synchronize the usernames in Active Directory with cloud identities by using Google Cloud Directory Sync, and establish SAML Single Sign-On (SSO).
C. Make use of the on-premises Active Directory domain controller as an identity provider by configuring the Cloud Identity-Aware Proxy to do so.
D. Make use of Google Compute Engine to generate a replica of the on-premises Active Directory domain controller by syncing it with Google Cloud Directory. This will be an Active Directory (AD) domain controller.
Correct Answer: 2

Explanation: If you need to create Google Accounts for your existing users, you can use Google Cloud Directory Sync to synchronize with your Active Directory or LDAP server. Domain controllers are not meant to authenticate SaaS or web applications, and this includes IAM. Domain controllers speak NTLM and Kerberos; web applications do not speak Kerberos or NTLM, but protocols such as OAuth. This is why federation is used, and hence the need for an AD federation proxy. Option-2 is correct: use Google Cloud Directory Sync to sync Active Directory user names with cloud identities and configure SAML SSO. Check the flowchart here illustrating the integration of your existing identity management system into GCP. Option-3 does not work, since Cloud IAP serves a different purpose: it is a building block toward BeyondCorp, an enterprise security model that enables every employee to work from untrusted networks without the use of a VPN.