Exam Professional Cloud Security Engineer topic 1 question 69 discussion

The answer is A: With Google Cloud Directory Sync (GCDS), you can synchronize the data in your Google Account with your Microsoft Active Directory or LDAP server. GCDS doesn't migrate any content (such as email messages, calendar events, or files) to your Google Account. You use GCDS to synchronize your Google users, groups, and shared contacts to match the information in your LDAP server. The questions says the well established directory service is the 'source of truth' not GCP... So LDAP or AD is the source... GCDS will sync that to match those, not replace them...

GCDS -? It helps sync up from the source of truth (any IdP like ldap, AD) to Google identity. In this scenario, the question is what can be a good identity service by itself, hence B is the right answer.

Google Cloud Directory Sync (GCDS): GCDS is a tool used to synchronize your Google Workspace user data with your Microsoft Active Directory or other LDAP servers. This would ensure that Google Workspace has the same user data as your existing directory, but it doesn't act as an identity provider (IDP). BUT C. Security Assertion Markup Language (SAML): SAML is an open standard for exchanging authentication and authorization data between an identity provider (your organization's existing directory service) and a service provider (like GCP). With SAML, GCP can rely on your existing directory service for authentication, and your existing directory remains the "source of truth."

Orgn is evaluating GC so cloud Identity is the GC product hence B

A. Google Cloud Directory Sync (GCDS)

With Google Cloud Directory Sync (GCDS), you can synchronize the data in your Google Account with your Microsoft Active Directory or LDAP server. GCDS doesn't migrate any content (such as email messages, calendar events, or files) to your Google Account. You use GCDS to synchronize your Google users, groups, and shared contacts to match the information in your LDAP server. https://support.google.com/a/answer/106368?hl=en

B should be the answer, GCDS is for ad sync.

seems there is nothing metioned about what they have on premise, so B is better

Answer A

A or B?

Ans : B as per the question.

My Answer will go for A (GCDS), noticed the question is mentioning about "A directory service 'is used' " / "must continue" instead of "A directory service 'will be used' ". So here my understanding is the organization has already using their own directory service. Therefore Answer B - Cloud identity may not be an option.

Ans is B because the questions said "the well-established directory must continue for the orgnanization to use as the source of truth" so that the user access to GCP must authenticated by the existing directory. Cloud Identity support to federate it to 3rd party/ADFS using SAML.

GCDS is an app to sync users, groups and other features from AD to Cloud Identity. But, in this question, the customer needs to know what's the product on GCP that meet with this. So, I thiink the answer is B.

Ans - A

GCDS is a part of CI's feature that synchronizes the data in Google domain to match with AD/LDAP server. This includes users, groups contacts etc are synchronized/migrated to match. Hence, I would go B. "https://se-cloud-experts.com/wp/wp-content/themes/se-it/images/pdf/google-cloud-identity-services.pdf"

Isn't it A?