Exam Associate Cloud Engineer topic 1 question 223 discussion

Why would you need to federate the identities for Cloud ID and Workspace accounts? It's the same thing! I have a dev gcp org doing exactly this...

I think C is the best

B is incorrect because organizing user accounts within Cloud Identity and enforcing multi-factor authentication (MFA) alone is a limited approach for handling large-scale growth. While Cloud Identity groups and MFA are important for managing user permissions and enhancing security, this option lacks a robust identity management solution to handle the projected tenfold user increase. It does not address scalability challenges or provide a way to efficiently manage identities across Google Cloud and other services the company might integrate as they expand. While it would add some security, it would not streamline identity management or account synchronization at the scale needed.

Google Cloud Identity is Google’s identity provider (idP) that is used by both Workspace and Google Cloud. First, I thought it was C, but there is not identity federation between Cloud Identity and Workspace, because Cloud identity goes first and it is used by GCP, Workspace or other Google services. Moreover, By default, Cloud Identity Free includes 50 free licenses

According to the following article, Google Workspace already allows access to Google Cloud platform, so there should be no need for "identity federation between Cloud Identity and Google Workspace" (which I cannot find documentation about). C is out. https://cloud.google.com/iam/docs/user-identities A and D are out because Google is not going to suggest you use some other identity provider, lol

I see everyone is split here, but I like C best. Option C provides a streamlined and secure way to accommodate growth within the Google ecosystem. It prioritizes both ease of management and security. You already use Workspace for user management... Adding Active Directory adds complexity and is unnecessary; A is out. While improving security and organization, it doesn't directly solve the issue of seamless access to GCP resources or address user management as you scale; B is out…. While some scenarios might justify it, you're already using Google Workspace for identity. This option adds complexity, cost, and an extra system to manage; D is out….

I think B helps to manage but the answer in this scenario is C due to allows for seamless integration between user accounts in both services

I choose B.

Per ChatGPT, Option A is the most suitable choice as it leverages the scalability and centralization capabilities of Active Directory, integrates with existing systems, and ensures seamless user management and authentication across Google Workspace and Google Cloud, aligning with the requirements for anticipated growth without introducing unnecessary complexity or security issues.

Answer is A. It is talking about long term. This option can support 10x growth without performance degradation, unnecessary complexity, or security issues, as it leverages the scalability, reliability, and security of Active Directory and Cloud Identity.

• Option C involves setting up a connection between Cloud Identity (which is used for Google Workspace) and Google Cloud. This connection simplifies managing user accounts for Google Cloud services. • It enforces an extra layer of security by requiring multi-factor authentication, which is essential for protecting user accounts and data. • This solution aligns with your company's growth plans, as it accommodates an increase in users from 100 to 1,000 without adding unnecessary complexity or performance issues. So, by selecting option C, you're ensuring a scalable, secure, and straightforward way to manage user access as your company expands.

I think its A

There is nothing like "identity federation between Cloud Identity and Google Workspace". You can only add Cloud Identity Free to your existing account. You can manage users using Cloud Identity without adding all of them to Google Workspace. Groups will help to manage the increased number of users. Therefore B answer is correct.

c is right

(a) If you already administer a Google Workspace account and want to enable more users to use Google Cloud, you might not want to assign all users a Google Workspace license. In this case, add Cloud Identity Free to your existing account. You can then onboard more users without additional charge and decide which users should have access to Google Workspace by assigning them a Google Workspace license.. (b) To let your users collaborate by using Google Workspace, and to minimize administrative overhead, it's best to manage all users through a single Cloud Identity or Google Workspace account and provide a single user account to each individual. This approach helps ensure that settings such as password policies, single sign-on, and two-step verification are consistently applied to all users. ref: https://cloud.google.com/architecture/identity/best-practices-for-planning

Why not A?

https://cloud.google.com/architecture/identity/best-practices-for-planning