Medium · 1 mark · Multiple Choice
Domain 3: Designing for Security and Compliance · Resource Hierarchy · Organization Policy · Security

GCP PCA · Question 27 · Domain 3: Designing for Security and Compliance

You are designing the resource hierarchy for a large enterprise. The company has three main departments: HR, Finance, and Engineering. Each department has multiple environments (Dev, Test, Prod). You need to apply a policy that prevents the creation of external IP addresses for all Dev and Test environments across all departments. How should you structure the hierarchy?

Answer options:

A. Create Folders for HR, Finance, and Engineering at the top level. Create sub-folders for Dev, Test, and Prod. Apply the Organization Policy to every Dev and Test sub-folder.

B. Create Folders for Dev, Test, and Prod at the top level. Create sub-folders for HR, Finance, and Engineering. Apply the Organization Policy to the Dev and Test folders.

C. Apply the Organization Policy at the Organization node and use IAM conditions to exempt Prod.

D. Apply the policy at the Project level for every Dev and Test project.

How to approach this question

Design the hierarchy to minimize the number of places a policy must be applied. Group by the common policy denominator.

Full Answer

B. Create Folders for Dev, Test, and Prod at the top level. Create sub-folders for HR, Finance, and Engineering. Apply the Organization Policy to the Dev and Test folders. ✓ Correct
Resource hierarchy design should align with policy application. If security policies are primarily driven by the environment (Dev vs Prod), the environment should be the top-level folder. This allows you to apply the `compute.vmExternalIpAccess` constraint at the Dev and Test folder levels, and it will inherit down to all departmental projects beneath them.

Common mistakes

Structuring by Department first (A). This is common but leads to policy fragmentation if policies are environment-driven.
