Exam Professional Cloud Security Engineer topic 1 question 52 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 52
Topic #: 1

Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester.
Which two tasks should your team perform to handle this request? (Choose two.)

  • A. Remove all users from the Project Creator role at the organizational level.
  • B. Create an Organization Policy constraint, and apply it at the organizational level.
  • C. Grant the Project Editor role at the organizational level to a designated group of users.
  • D. Add a designated group of users to the Project Creator role at the organizational level.
  • E. Grant the billing account creator role to the designated DevOps team.
Suggested Answer: AD

Comments

mlyu
Highly Voted 4 years, 2 months ago
I think Ans is AD, because we need to stop the users from creating projects first (A), and allow the DevOps team to create projects (D).
upvoted 19 times
...
[Removed]
Highly Voted 3 years, 8 months ago
AD is the answer. If a constraint is added, no project creation will be allowed, hence B is wrong.
upvoted 7 times
...
taka5094
Most Recent 2 months, 3 weeks ago
E. I think that the billing account creator role is needed in this case. https://cloud.google.com/resource-manager/docs/default-access-control#removing-default-roles "After you designate your own Billing Account Creator and Project Creator roles, you can remove these roles from the organization resource to restrict those permissions to specifically designated users."
upvoted 1 times
...
[Removed]
1 year, 4 months ago
Selected Answer: AD
"A,D" seems most accurate. The following page talks about how Project Creator role is granted to all users by default, which is why "A" is necessary. And then there's a section about granting Project Creator to specific users which is where "D" comes in. https://cloud.google.com/resource-manager/docs/default-access-control#removing-default-roles
upvoted 1 times
...
AzureDP900
2 years ago
AD is perfect. A. Remove all users from the Project Creator role at the organizational level. D. Add a designated group of users to the Project Creator role at the organizational level.
upvoted 1 times
...
AwesomeGCP
2 years, 1 month ago
Selected Answer: AD
A. Remove all users from the Project Creator role at the organizational level. D. Add a designated group of users to the Project Creator role at the organizational level. https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints
upvoted 3 times
AzureDP900
2 years ago
AD is correct
upvoted 1 times
...
...
Jeanphi72
2 years, 3 months ago
Selected Answer: AD
https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints I see no way to restrict project creation with an organizational policy. If that would have been possible I would have voted for it as restrictions can be overridden in GCP.
upvoted 4 times
...
piyush_1982
2 years, 4 months ago
Selected Answer: AC
Seems to be AC. When an organization resource is created, all users in your domain are granted the Billing Account Creator and Project Creator roles by default, as per the link https://cloud.google.com/resource-manager/docs/default-access-control#removing-default-roles. Hence A is definitely the answer. Now to add the project creator we need to add the designated group to the project creator role specifically.
upvoted 1 times
...
absipat
2 years, 5 months ago
AD of course
upvoted 1 times
...
syllox
3 years, 6 months ago
Ans AC also
upvoted 1 times
syllox
3 years, 6 months ago
AD, C is a mistake, it's Project Editor and not Creator
upvoted 3 times
...
...
DebasishLowes
3 years, 9 months ago
Ans : AD
upvoted 4 times
...
Aniyadu
3 years, 10 months ago
A & D is the right answer.
upvoted 4 times
...
[Removed]
4 years ago
Ans - AD
upvoted 3 times
...
genesis3k
4 years ago
I think AC. Because, a role is granted to user/group, rather user/group is added to a role.
upvoted 1 times
syllox
3 years, 6 months ago
C is a mistake, it's Project Editor and not Creator
upvoted 1 times
...
...
CHECK666
4 years, 1 month ago
AD is the answer. There's nothing related to project creation in organization policy constraints.
upvoted 4 times
...
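The change most of the thread settles on (options A and D), applied offline to an organization IAM policy in the JSON shape that `gcloud organizations get-iam-policy ORG_ID --format=json` returns. This is an added example, not part of the original discussion; the domain, user, and group names and the etag are constructed placeholders.

```python
import copy
import json

PROJECT_CREATOR = "roles/resourcemanager.projectCreator"
DEVOPS_GROUP = "group:devops@example.com"  # assumed name for the designated group

# Constructed sample: the default state the cited doc describes, where the whole
# domain holds Project Creator and Billing Account Creator on the organization.
SAMPLE_POLICY = {
    "version": 1,
    "etag": "BwXconstructed=",
    "bindings": [
        {"role": "roles/billing.creator", "members": ["domain:example.com"]},
        {"role": PROJECT_CREATOR,
         "members": ["domain:example.com", "user:alice@example.com"]},
        {"role": "roles/resourcemanager.organizationAdmin",
         "members": ["user:admin@example.com"]},
    ],
}

def project_creators(policy):
    """Return every member bound to Project Creator, across all bindings."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding["role"] == PROJECT_CREATOR:
            found.update(binding.get("members", []))
    return sorted(found)

def restrict_project_creator(policy, allowed):
    """Return (new_policy, removed): only `allowed` members keep Project Creator."""
    allowed = set(allowed)
    new_policy = copy.deepcopy(policy)  # etag is kept so a concurrent edit is detected
    # Option A: drop every existing Project Creator binding, conditional ones included.
    removed = set(project_creators(policy)) - allowed
    kept = [b for b in new_policy.get("bindings", []) if b["role"] != PROJECT_CREATOR]
    # Option D: a single unconditional binding for the designated group.
    if allowed:
        kept.append({"role": PROJECT_CREATOR, "members": sorted(allowed)})
    new_policy["bindings"] = kept
    return new_policy, sorted(removed)

if __name__ == "__main__":
    updated, removed = restrict_project_creator(SAMPLE_POLICY, [DEVOPS_GROUP])
    print("removed from Project Creator:", removed)
    print(json.dumps(updated, indent=2))
```

The function leaves the `roles/billing.creator` binding untouched, so the question raised about option E shows up as a separate binding to review rather than something this change alters.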