ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 106 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 106
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You work for a large organization where each business unit has thousands of users. You need to delegate management of access control permissions to each business unit. You have the following requirements:
✑ Each business unit manages access controls for their own projects.
✑ Each business unit manages access control permissions at scale.
✑ Business units cannot access other business units' projects.
✑ Users lose their access if they move to a different business unit or leave the company.
✑ Users and access control permissions are managed by the on-premises directory service.
What should you do? (Choose two.)

  • A. Use VPC Service Controls to create perimeters around each business unit's project.
  • B. Organize projects in folders, and assign permissions to Google groups at the folder level.
  • C. Group business units based on Organization Units (OUs) and manage permissions based on OUs
  • D. Create a project naming convention, and use Google's IAM Conditions to manage access based on the prefix of project names.
  • E. Use Google Cloud Directory Sync to synchronize users and group memberships in Cloud Identity.
Show Suggested Answer Hide Answer
Suggested Answer: BE 🗳️
by TheBuckler at Oct. 7, 2022, 5:30 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TheBuckler
Highly Voted 2 years ago
I will take B & E. Makes sense for the OUs to have their own folders and respective projects under their folders. This will make each OU independent from one another in terms of environments, and will not be able to communicate with one another unless shared VPC/VPC peering is utilized. And E is fairly obvious, as they want to manage their users from on-prem directory, hence GCDS.
upvoted 5 times
...
pedrojorge
Highly Voted 1 year, 9 months ago
Selected Answer: BE
B and E
upvoted 5 times
...
tia_gll
Most Recent 7 months, 1 week ago
Selected Answer: BE
Ans are : B & E
upvoted 1 times
...
pradoUA
1 year ago
Selected Answer: BE
B and E are correct
upvoted 2 times
...
Rightsaidfred
1 year, 11 months ago
Agreed…B & E
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago