Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 304 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 304
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You are managing a Google Cloud environment that is organized into folders that represent different teams. These teams need the flexibility to modify organization policies relevant to their work. You want to grant the teams the necessary permissions while upholding Google-recommended security practices and minimizing administrative complexity. What should you do?

  • A. Create a custom IAM role with the organization policy administrator permission and grant the permission to each team’s folder. Limit policy modifications based on folder names within the custom role’s definition.
  • B. Assign the organization policy administrator role to a central service account and provide teams with the credentials to use the service account when needed.
  • C. Create an organization-level tag. Attach the tag to relevant folders. Use an IAM condition to restrict the organization policy administrator role to resources with that tag.
  • D. Grant each team the organization policy administrator role at the organization level.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by abdelrahman89 at Oct. 4, 2024, 10:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
json4u
1 month, 1 week ago
Selected Answer: C
It's C.
upvoted 1 times
...
abdelrahman89
1 month, 2 weeks ago
C - Granular Control: Creating an organization-level tag allows you to precisely control which teams have access to modify organization policies by attaching the tag to relevant folders. This ensures that only authorized teams can make changes. IAM Condition: Using an IAM condition to restrict the organization policy administrator role to resources with the tag provides a flexible and efficient way to grant permissions while maintaining control. This ensures that the role is only accessible for the intended teams. Security Best Practices: This approach aligns with Google-recommended security practices by limiting access to organization policies to authorized teams and using IAM conditions to enforce appropriate controls. Administrative Efficiency: This approach simplifies administration by providing a centralized mechanism for managing permissions and ensuring that only authorized teams can modify organization policies.
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel