Google Cloud Professional Cloud Security Engineer (PCSE)

1. A company is migrating from an on-premises Microsoft Active Directory environment to Google Cloud. They need to synchronize their existing AD users and groups into Cloud Identity without disrupting existing authentication workflows. Which tool should the security engineer configure to accomplish this?

2. A security engineer is configuring Google Cloud Directory Sync (GCDS) for a company that has 50,000 Active Directory users. The engineer needs to ensure that only users in specific AD Organizational Units (OUs) are synchronized to Cloud Identity, and that deleted AD users are automatically removed from Cloud Identity. Which GCDS configuration best satisfies these requirements?

3. An enterprise wants to enable Single Sign-On (SSO) for their Google Cloud users. The company already operates an identity provider (IdP) that supports SAML 2.0. A security engineer needs to configure the IdP so that Google Cloud acts as the service provider. What configuration is required on the Google Admin console side?

4. A company's Cloud Identity domain is configured with SAML SSO through a third-party IdP. A user reports they can log in through the IdP dashboard but cannot access the Google Cloud console. The SAML assertion is being sent, but authentication fails. What is the most likely cause?

5. A company wants to allow contractors who do not have Cloud Identity accounts to access Google Cloud resources using their existing corporate credentials managed in an external OIDC-compliant identity provider. The solution must not require creating Cloud Identity accounts for each contractor. Which Google Cloud feature should the security engineer configure?