Associate Cloud Engineer Exam

Exam Associate Cloud Engineer All QuestionsBrowse all questions from this exam

Question 273

You are a Google Cloud organization administrator. You need to configure organization policies and log sinks on Google Cloud projects that cannot be removed by project users to comply with your company's security policies. The security policies are different for each company department. Each company department has a user with the Project Owner role assigned to their projects. What should you do?

Use a standard naming convention for projects that includes the department name. Configure organization policies on the organization and log sinks on the projects.

Use a standard naming convention for projects that includes the department name. Configure both organization policies and log sinks on the projects.

Organize projects under folders for each department. Configure both organization policies and log sinks on the folders.

Organize projects under folders for each department. Configure organization policies on the organization and log sinks on the folders.

Correct Answer: C

To ensure that organization policies and log sinks are applied in a way that cannot be altered by project users, and to accommodate the different security policies for each department, you should organize projects under folders for each department. Configuring both organization policies and log sinks on the folders ensures centralized control and adherence to security policies. Project owners cannot modify or remove these configurations when they are applied at the folder level.

Discussion

RuchiMishraOption: C

As per question, the security policies are different for each company department. Hence, organizing each department in folders, Organizational Policies on Folders, and Log Sinks on Folders will work. Project owners cannot modify or remove organization policies applied at the folder or organization level.

BuenaCloudDEOption: C

RuchiMishra is right.