Exam Professional Cloud Security Engineer topic 1 question 39 discussion

B and C should be correct...

B and C are viable

Which Policy Constriaint allow to manage permission?!??!?! D is not an option. The answer is B and C

B and C are the correct answers!!

B is correct But, if you make 1 group (by choosing option C) how you manage the permission for dev environment ? since you have only 1 group, you will offer the same access for all 300 engineers (that are in that group) to dev and prod environment, so this will not answer the question: efficiently manage IAM permissions between users in the development and production environment projects

CE - A general recommendation is to have one project per application per environment. For example, if you have two applications, "app1" and "app2", each with a development and production environment, you would have four projects: app1-dev, app1-prod, app2-dev, app2-prod. This isolates the environments from each other, so changes to the development project do not accidentally impact production, and gives you better access control, since you can (for example) grant all developers access to development projects but restrict production access to your CI/CD pipeline. https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations

A - no VPC required B - yes - pre req C - Yes D - likely but C is first E - not scalable/feasible/advisable

Ans : BC

Ans - BC

B,C is the answer. Create a folder for each env and assign IAM policies to the group.

BC is the right answer, create folder for each env and assign IAM policies to group

Correct Answer: CE

B&C D does not help efficiently manage IAM. Effective IAM implies using groups.

I'd say B and D are correct