Google Professional Cloud Security Engineer Exam - Topic 4 Question 40 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 40
Topic #: 4

[All Professional Cloud Security Engineer Questions]

You are a security administrator at your company. Per Google-recommended best practices, you implemented the domain restricted sharing organization policy to allow only required domains to access your projects. An engineering team is now reporting that users at an external partner outside your organization domain cannot be granted access to the resources in a project. How should you make an exception for your partner's domain while following the stated best practices?

ATurn off the domain restriction sharing organization policy. Set the policy value to 'Allow All.'

BTurn off the domain restricted sharing organization policy. Provide the external partners with the required permissions using Google's Identity and Access Management (IAM) service.

CTurn off the domain restricted sharing organization policy. Add each partner's Google Workspace customer ID to a Google group, add the Google group as an exception under the organization policy, and then turn the policy back on.

DTurn off the domain restricted sharing organization policy. Set the policy value to 'Custom.' Add each external partner's Cloud Identity or Google Workspace customer ID as an exception under the
organization policy, and then turn the policy back on.

Show Suggested Answer

Suggested Answer: B

by Matthew at May 07, 2022, 11:13 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Moon

4 months ago

B is too broad; we need to be more specific with permissions.

upvoted 0 times

...

Margery

4 months ago

Just turning off the policy feels like a bad move.

upvoted 0 times

...

Brock

4 months ago

Wait, can we really just add customer IDs like that? Sounds risky.

upvoted 0 times

...

Darrin

4 months ago

I disagree, D is more straightforward for managing exceptions.

upvoted 0 times

...

Clement

5 months ago

C seems like the best option to keep things secure.

upvoted 0 times

...

Curt

5 months ago

I vaguely recall something about using IAM for permissions, but I’m not sure if that’s the best approach here. Option B seems risky since it might not keep the restrictions in place.

upvoted 0 times

...

Gerald

5 months ago

I feel like we practiced a similar question where we had to balance security and access. Option D seems to align with that, but I’m not 100% confident about the specifics of adding exceptions.

upvoted 0 times

...

Lucina

5 months ago

I'm not entirely sure, but I think turning off the domain restriction completely, like in option A, could expose us to risks. We should definitely avoid that.

upvoted 0 times

...

Glendora

5 months ago

I remember we discussed the importance of keeping the domain restriction policy in place for security. I think option C sounds like a good way to make an exception while still following best practices.

upvoted 0 times

...

Virgie

5 months ago

I've got this! The invalid sequence is option A, where the defect goes back and forth between Working and Clarification multiple times before reaching Verification and Closed.

upvoted 0 times

...

Rene

5 months ago

Multitenancy definitely seems like the most relevant cloud aspect that could complicate eDiscovery. I'll go with that.

upvoted 0 times

...

Dottie

5 months ago

Hmm, I'm a bit confused. The question mentions the ID is 'myText', but option A uses 'text1'. I'll need to double-check the code to make sure I'm selecting the right element.

upvoted 0 times

...