Exam Professional Cloud Security Engineer topic 1 question 323 discussion

Actual exam question from Google's Professional Cloud Security Engineer

Question #: 323
Topic #: 1

[All Professional Cloud Security Engineer Questions]

Your organization leverages folders to represent different teams within your Google Cloud environment. To support Infrastructure as Code (IaC) practices, each team receives a dedicated service account upon onboarding. You want to ensure that teams have comprehensive permissions to manage resources within their assigned folders while adhering to the principle of least privilege. You must design the permissions for these team-based service accounts in the most effective way possible. What should you do?

A. Grant each service account the folder administrator role on its respective folder.
B. Grant each service account the project creator role at the organization level and use folder-level IAM conditions to restrict project creation to specific folders.
C. Assign each service account the project editor role at the organization level and instruct teams to use IAM bindings at the folder level for fine-grained permissions.
D. Assign each service account the folder IAM administrator role on its respective folder to allow teams to create and manage additional custom roles if needed.

Show Suggested Answer

Suggested Answer: A 🗳️

by Tag at July 14, 2025, 5:21 a.m.

Comments

Submit Cancel

n2183712847

1 day, 14 hours ago

Selected Answer: A

A. provides the most direct and effective permissions, as the Folder Administrator role grants comprehensive rights to manage resources within that specific folder, correctly scoping the powerful permissions needed for IaC.

upvoted 1 times

...