Module 4: Identity and Access Management (IAM)

Looking for ‘Managing Security in Google Cloud Module 4 Answers’?

In this post, I provide complete, accurate, and detailed explanations for the answers to Module 4: Identity and Access Management (IAM) of Course 9: Managing Security in Google Cloud – Preparing for Google Cloud Certification: Cloud Security Engineer Professional Certificate.

Whether you’re preparing for quizzes or brushing up on your knowledge, these insights will help you master the concepts effectively. Let’s dive into the correct answers and detailed explanations for each question!

Securing Access to Google Cloud

Graded Assignment

1. Which of the following statements is TRUE for the use of Cloud Identity?

  • Cloud Identity can work with any domain name that is able to receive email. ✅
  • You cannot use both Cloud Identity and Google Workspace services to manage your users across your domain.
  • A Google Workspace or Cloud Identity account can be associated with more than one Organization.
  • Your organization must use Google Workspace services in order to use Cloud Identity.

Explanation:
Cloud Identity lets you use your own domain to manage users and access, as long as the domain is valid and can receive emails. It’s not limited to Google Workspace and can be used independently.

2. The main purpose of Google Cloud Directory Sync is to: (choose ONE option below)

  • Enable two-way data synchronization between Google Cloud and AD/LDAP accounts.
  • Help simplify provisioning and de-provisioning user accounts. ✅
  • Completely replace an Active Directory or LDAP service.

Explanation:
Google Cloud Directory Sync (GCDS) helps automate the synchronization of user accounts from an existing LDAP directory (like Microsoft Active Directory) to Google Cloud, simplifying the management process—especially provisioning and de-provisioning.

3. Which TWO of the following are considered authentication "best practices"?

  • Organization Admins should never remove the default Organization-level permissions from users after account creation.
  • You should have no more than three Organization admins. ✅
  • Avoid managing permissions on an individual user basis where possible. ✅
  • Requiring 2-Step Verification (2SV) is only recommended for super-admin accounts.

Explanation:

  • Limiting the number of organization admins enhances security.
  • It’s best to assign permissions through groups or roles, not individually, to reduce complexity and errors.
