Google Exam Professional Cloud Security Engineer Topic 1 Question 87 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 87
Topic #: 1

[All Professional Cloud Security Engineer Questions]

Your Google Cloud environment has one organization node, one folder named Apps." and several projects within that folder The organizational node enforces the constraints/iam.allowedPolicyMemberDomains organization policy, which allows members from the terramearth.com organization The "Apps" folder enforces the constraints/iam.allowedPolicyMemberDomains organization policy, which allows members from the flowlogistic.com organization. It also has the inheritFromParent: false property.

You attempt to grant access to a project in the Apps folder to the user testuser@terramearth.com.

What is the result of your action and why?

AThe action fails because a constraints/iam.allowedPolicyMemberDomains organization policy must
be defined on the current project to deactivate the constraint temporarily.

BThe action fails because a constraints/iam.allowedPolicyMemberDomains organization policy is in place and only members from the flowlogistic.com organization are allowed.

CThe action succeeds because members from both organizations, terramearth. com or flowlogistic.com, are allowed on projects in the 'Apps' folder

DThe action succeeds and the new member is successfully added to the project's Identity and Access Management (1AM) policy because all policies are inherited by underlying folders and projects.

Show Suggested Answer

Suggested Answer: A, C

https://cloud.google.com/architecture/framework/security/data-residency-sovereignty#manage_your_operational_sovereignty

by Gail at Sep 11, 2024, 02:33 AM

Limited Time Offer

25%

17 days ago

I think the answer is B. Only members from flowlogistic.com are allowed.

upvoted 0 times

...