Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Associate Cloud Engineer All Questions

View all questions & answers for the Associate Cloud Engineer exam
Go to Exam

Exam Associate Cloud Engineer topic 1 question 220 discussion

Actual exam question from Google's Associate Cloud Engineer
Question #: 220
Topic #: 1
[All Associate Cloud Engineer Questions]

During a recent audit of your existing Google Cloud resources, you discovered several users with email addresses outside of your Google Workspace domain. You want to ensure that your resources are only shared with users whose email addresses match your domain. You need to remove any mismatched users, and you want to avoid having to audit your resources to identify mismatched users. What should you do?

  • A. Create a Cloud Scheduler task to regularly scan your projects and delete mismatched users.
  • B. Create a Cloud Scheduler task to regularly scan your resources and delete mismatched users.
  • C. Set an organizational policy constraint to limit identities by domain to automatically remove mismatched users.
  • D. Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Speridian at Aug. 2, 2023, 4:49 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
joao_01
Highly Voted 1 year, 2 months ago
Selected Answer: D
Its D. "The domain restriction constraint is not retroactive. Once a domain restriction is set, this limitation will apply to IAM policy changes made from that point forward, and not to any previous changes.". Link: https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains
upvoted 6 times
...
denno22
Most Recent 1 month, 3 weeks ago
Selected Answer: D
Organization policies are not retroactive. If you need to force a change to your resource hierarchy that would violate an enforced constraint, you can disable the organization policy, make the change, and then enable the organization policy again.
upvoted 1 times
...
Timfdklfajlksdjlakf
3 months ago
Selected Answer: D
joao_01 provided the appropriate answer, take it or leave it.
upvoted 1 times
...
scanner2
1 year, 2 months ago
Selected Answer: D
D seems to be most appropriate. You can use organization policy constraint to limit the identities by domain. Once the organization policy is set, you can remove the leftover users that mismatched the conditions. https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains
upvoted 4 times
...
Cherrycardo
1 year, 3 months ago
Selected Answer: D
https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints This list constraint defines the set of domains that email addresses added to Essential Contacts can have. By default, email addresses with any domain can be added to Essential Contacts. The allowed/denied list must specify one or more domains of the form @example.com. If this constraint is active and configured with allowed values, only email addresses with a suffix matching one of the entries from the list of allowed domains can be added in Essential Contacts. This constraint has no effect on updating or removing existing contacts. constraints/essentialcontacts.allowedContactDomains
upvoted 2 times
...
3arle
1 year, 3 months ago
Selected Answer: D
In order to define an organization policy, you choose a constraint, which is a particular type of restriction
upvoted 2 times
...
juliorevk
1 year, 3 months ago
Selected Answer: D
https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints - Domain restricted sharing If this constraint is active, only principals that belong to the allowed customer IDs can be added to IAM policies. It doesn't specifically say, but I think it doesn't get rid of existing principals.
upvoted 2 times
...
Speridian
1 year, 3 months ago
Should be D. Organization policy does not remove users automatically.
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel