Google Professional Cloud Architect Exam - Topic 4 Question 70 Discussion

Actual exam question for Google's Professional Cloud Architect exam

Question #: 70
Topic #: 4

[All Professional Cloud Architect Questions]

You are responsible for the Google Cloud environment in your company Multiple departments need access to their own projects and the members within each department will have the same project responsibilities You want to structure your Google Cloud environment for minimal maintenance and maximum overview of 1AM permissions as each department's projects start and end You want to follow Google-recommended practices What should you do?

ACreate a Google Group per department and add all department members to their respective groups Create a folder per department
and grant the respective group the required 1AM permissions at the folder level Add the projects under the respective folders

BGrant all department members the required 1AM permissions for their respective projects

CCreate a Google Group per department and add all department members to their respective groups Grant each group the required I AM permissions for their respective projects

DCreate a folder per department and grant the respective members of the department the required 1AM permissions at the folder level. Structure all projects for each department under the respective folders

Show Suggested Answer

Suggested Answer: A

This option follows the Google-recommended practices for structuring a Google Cloud environment for minimal maintenance and maximum overview of IAM permissions. By creating a Google Group per department and adding all department members to their respective groups, you can simplify user management and avoid granting IAM permissions to individual users. By creating a folder per department and granting the respective group the required IAM permissions at the folder level, you can enforce consistent policies across all projects within each department and avoid granting IAM permissions at the project level. By adding the projects under the respective folders, you can organize your resources hierarchically and leverage inheritance of IAM policies from folders to projects. The other options are not optimal for this scenario, because they either require granting IAM permissions to individual users (B, C), or do not use Google Groups to manage users (D). Reference:

https://cloud.google.com/architecture/framework/system-design

https://cloud.google.com/architecture/identity/best-practices-for-planning

https://cloud.google.com/resource-manager/docs/creating-managing-folders

by Tracey at Oct 07, 2023, 06:06 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Architect Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lynda

3 months ago

C could work too, but A just feels more structured.

upvoted 0 times

...

Eladia

3 months ago

A is definitely the way to go for minimal maintenance.

upvoted 0 times

...

Christoper

4 months ago

Surprised that people think B is a good idea, it could get messy!

upvoted 0 times

...

Monte

4 months ago

I disagree, B is simpler and more direct.

upvoted 0 times

...

Alyssa

4 months ago

A seems like the best option for organization.

upvoted 0 times

...

Gretchen

4 months ago

I recall that using groups helps with scalability, so option A might be the best choice for minimizing maintenance as projects change.

upvoted 0 times

...

Kattie

4 months ago

I feel like option C could work too, but it seems like it might lead to more maintenance since permissions are set at the project level instead of the folder.

upvoted 0 times

...

Quentin

4 months ago

I'm not entirely sure, but I remember something about granting permissions at the folder level being a best practice. Maybe option D is the way to go?

upvoted 0 times

...

Goldie

5 months ago

I think option A sounds familiar because it emphasizes using Google Groups, which we practiced in class for managing permissions efficiently.

upvoted 0 times

...

Queen

5 months ago

I'm a little confused by the wording of the question. Is the goal to minimize maintenance or maximize visibility of IAM permissions? I'll need to think through the tradeoffs between the different approaches before deciding.

upvoted 0 times

...

Rossana

5 months ago

Okay, I've got this. The answer is clearly option C - create a Google Group per department, add all members to their respective groups, and then grant the required IAM permissions to each group. This way, I can easily manage permissions at the group level as departments change over time.

upvoted 0 times

...

Jeannetta

5 months ago

Hmm, I'm a bit unsure about this one. There are a few options presented, and I'm not entirely sure which one follows Google's recommended practices the best. I'll need to review the details carefully.

upvoted 0 times

...

Veronica

5 months ago

This looks like a straightforward question on managing IAM permissions in Google Cloud. I think the key is to leverage Google Groups to simplify permission management across multiple departments.

upvoted 0 times

...

Freeman

5 months ago

I think the key here is to focus on analyzing the data from last year's campaigns. The question is asking for specific ways to use Magento Business Intelligence, so I'll need to review the options and choose the two that seem most relevant.

upvoted 0 times

...

Noe

5 months ago

I'm feeling a bit lost on this one. Maybe I should review my notes on SiL testing before attempting to answer.

upvoted 0 times

...

Taryn

5 months ago

Hmm, this looks like a tricky one. I'll need to carefully review the options and think through the scenario to determine the best approach.

upvoted 0 times

...