Question-38: Utilizing a password manager software is one method for generating, storing, and keeping track of your passwords in a secure manner. A password manager will encrypt your passwords and store them in a vault that can only be accessed with a master password. It will also implement other security measures, such as multi-factor authentication, to further safeguard your data. Your client is transitioning an existing enterprise application from an on-premises data center to Google Cloud Platform as part of this process. The proprietors of the company want as little disturbance as possible for their customers. When it comes to the storage of passwords, the security team has stringent standards. What kind of authentication method should they implement?
A. Make copies of your Google passwords with the help of G Suite Password Sync.
B. Implement federated authentication using SAML 2.0 on top of the current Identity Provider.
C. Create Google accounts for users with the help of the Google Cloud Directory Sync tool.
D. Request that users set their Google passwords so that they are identical to their corporate passwords.
Correct Answer: 2

Explanation: The GCDS tool only copies the usernames, not the passwords. Moreover, there are strict security requirements for the passwords. Not allowed to copy them onto Google, I think. Federation techniques help resolve this issue.

GCDS synchronizes passwords as well, and that is the reason why Option-2 is the correct answer. Only in Option-2 does the password not get copied to GCP.

From the Google site: GSPS won't sync an Active Directory password with a Google Account until it's changed. This is from Google too, for GCDS: Using GCDS – The recommended way to add users to your Google Account in an Active Directory environment is with Google Cloud Directory Sync (GCDS). GCDS automatically syncs user accounts in your Google domain with user accounts in your Active Directory system.

GCDS syncs user accounts and some other LDAP attributes but not the passwords. With hybrid connectivity to GCP, SAML (or federation) is the preferred method.

GCDS does sync passwords. Option-2.

Considering another aspect mentioned in the question: the business owners require minimal user disruption. This internally implies the use of SSO; otherwise users will have to authenticate twice, depending upon whether the corporate app's hosting environment is GCP or the on-premises data center.