Exam Professional Cloud Security Engineer topic 1 question 304 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 304
Topic #: 1

You are managing a Google Cloud environment that is organized into folders that represent different teams. These teams need the flexibility to modify organization policies relevant to their work. You want to grant the teams the necessary permissions while upholding Google-recommended security practices and minimizing administrative complexity. What should you do?

  • A. Create a custom IAM role with the organization policy administrator permission and grant the permission to each team’s folder. Limit policy modifications based on folder names within the custom role’s definition.
  • B. Assign the organization policy administrator role to a central service account and provide teams with the credentials to use the service account when needed.
  • C. Create an organization-level tag. Attach the tag to relevant folders. Use an IAM condition to restrict the organization policy administrator role to resources with that tag.
  • D. Grant each team the organization policy administrator role at the organization level.
Suggested Answer: C

Comments

p981pa123
2 weeks, 1 day ago
Selected Answer: A
Tags in Google Cloud are primarily designed for organizing and categorizing resources. While it's possible to create IAM conditions that reference tags (e.g., limiting the use of a role to resources with specific tags), this method is not the most intuitive or straightforward way to manage IAM policies, especially when the main goal is to provide flexible policy management for different teams. In your case, folder-based isolation with custom IAM roles is a cleaner and more intuitive way to achieve team-level control over organization policies.
upvoted 1 times
json4u
3 months, 3 weeks ago
Selected Answer: C
It's C.
upvoted 1 times
abdelrahman89
4 months ago
C

Granular Control: Creating an organization-level tag allows you to precisely control which teams have access to modify organization policies by attaching the tag to relevant folders. This ensures that only authorized teams can make changes.

IAM Condition: Using an IAM condition to restrict the organization policy administrator role to resources with the tag provides a flexible and efficient way to grant permissions while maintaining control. This ensures that the role is only accessible for the intended teams.

Security Best Practices: This approach aligns with Google-recommended security practices by limiting access to organization policies to authorized teams and using IAM conditions to enforce appropriate controls.

Administrative Efficiency: This approach simplifies administration by providing a centralized mechanism for managing permissions and ensuring that only authorized teams can modify organization policies.
upvoted 2 times
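
The tag-plus-condition grant described in option C, as an added example that is not part of the original question or comments: it adds a conditional Organization Policy Administrator binding to an IAM policy in the JSON shape returned by `gcloud organizations get-iam-policy --format=json`, and lists any unconditional holders of the role. The organization ID, tag key and value, group names and etag are constructed placeholders.

```python
import copy

ROLE = "roles/orgpolicy.policyAdmin"  # Organization Policy Administrator


def tag_condition(org_id, key, value, title):
    """IAM condition (CEL) that is true only on resources carrying the tag."""
    return {
        "title": title,
        "expression": f"resource.matchTag('{org_id}/{key}', '{value}')",
    }


def grant_conditional(policy, member, condition, role=ROLE):
    """Return a copy of an IAM policy with `member` granted `role` under `condition`."""
    new = copy.deepcopy(policy)  # keeps the etag for the read-modify-write cycle
    new["version"] = 3  # conditional bindings require policy version 3
    bindings = new.setdefault("bindings", [])
    for b in bindings:
        # Merge only into a binding with the same role AND the same condition,
        # never into an unconditional binding for that role.
        same = b.get("condition", {}).get("expression") == condition["expression"]
        if b["role"] == role and same:
            if member not in b["members"]:
                b["members"].append(member)
            return new
    bindings.append({"role": role, "members": [member], "condition": condition})
    return new


def unconditional_grants(policy, role=ROLE):
    """Members holding `role` with no condition (the option D pattern)."""
    return sorted(
        m for b in policy.get("bindings", [])
        if b["role"] == role and "condition" not in b
        for m in b["members"]
    )


# Constructed sample policy; none of these identifiers come from the page.
SAMPLE = {
    "version": 1,
    "etag": "BwXconstructed=",
    "bindings": [
        {"role": ROLE, "members": ["group:platform-admins@example.com"]},
        {"role": "roles/viewer", "members": ["group:auditors@example.com"]},
    ],
}

if __name__ == "__main__":
    import json
    cond = tag_condition("123456789012", "team", "payments", "payments-folders-only")
    print(json.dumps(grant_conditional(SAMPLE, "group:payments@example.com", cond), indent=2))
```

The resulting JSON can be written back with `gcloud organizations set-iam-policy`; the condition only takes effect on folders that have the tag value attached.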