Your company needs to segment Google Cloud resources used by each team from the others. The teams' efforts are changing frequently, and you need to reduce operational risk and maintain cost visibility. Which approach does Google recommend?
The best approach to segment Google Cloud resources used by each team is to create one project per team. This method offers clear separation and isolation of resources, giving each team independence in managing their own resources while maintaining cost visibility. Additionally, it minimizes the operational risk, as changes made by one team will not impact the resources of other teams. Projects provide distinct environments with their own IAM policies and billing, making it easier to control access permissions and track expenditures accurately across teams.
It should be D, a top-level folder for each team gives the ability to have multiple projects (I guess here goes the "teams' efforts change frequently") and also cost is closely being watched and separated by Team->Team_Project. I hate GCP, so many poorly worded and vague questions... shame
In a company of 80,000, you might have 8,000 teams. Maybe 16,000. You want a top level folder for EACH? You don't need a TOP level folder for each. Maybe 1 per BU, then 1 per BU Department, then 1 per BU Department Division, then 1 per BU Department Division Team, etc. Nested folders, like Russian Dolls.
Answer is A... The teams need to be segmented to have visibility on the resources each team consumes
Have a look at this image https://cloud.google.com/static/resource-manager/img/cloud-hierarchy.svg?dcb_=0.14515370615705625. Then, the correct answer is obviously D.
Answer A
Option D, "One top-level folder per team" is a possible approach to organizing Google Cloud resources, but it is not the recommended approach for the scenario described in the question. Folders are a way to organize projects and resources hierarchically within a Google Cloud organization. They are useful for creating custom organizational structures, managing access controls, and delegating administrative responsibilities. However, if the goal is to separate resources used by each team from the others and maintain cost visibility, organizing resources into one project per team or one organization per team would provide more clear separation and better cost tracking. Therefore, option A, "One project per team," is the recommended approach for this scenario.
One project per team approach offers clear separation and isolation of resources for each team, providing enhanced security, compliance, and operational control. Each team can have its own dedicated project, allowing them to independently manage their resources, control access permissions, and maintain cost visibility. Changes made by one team will not directly impact the resources of other teams, reducing operational risks and providing a more stable environment.
Google recommends using one project per team as the best approach to segmenting Google Cloud resources used by each team. Each project is a separate container for resources, with its own set of IAM policies and firewall rules. This allows each team to have full control over their own resources and also allows for cost visibility for each team. By creating a project for each team, you can also reduce operational risk, as changes made by one team will not affect the resources of another team.
It should be 'A' as it says "segment Google Cloud resources". If we follow the best practices of resource hierarchy Org->folders-subfolder->Project->resources, the idea here is to create two projects for each team to segment the resources with clear visibility.
D. One top-level folder per team. Folders in Google Cloud provide a way to organize and manage resources hierarchically, making it easier to allocate resources to specific teams, manage access control, and maintain cost visibility. Each top-level folder can represent a different team, and you can create a hierarchy of folders to further organize resources as needed.
GCP projects allow tracking and controlling: https://cloud.google.com/security/infrastructure/design
Here are some reasons why using one project per team is not a good idea for resource segmentation: Inflexibility: It would prevent teams from changing their resources frequently. If a team needs to add or remove resources, they would need to create a new project or delete the old project. This can be time-consuming and disruptive. Cost: It would be more expensive to manage multiple projects. Each project has its own set of costs, such as storage costs, compute costs, and networking costs. This can add up quickly if you have a lot of projects. Complexity: It would be more complex to manage multiple projects. You would need to keep track of the resources in each project, as well as the costs of each project. This can be difficult to do, especially if you have a lot of projects.
A is correct
D is correct
D is correct
A is correct, there is only 1 top level for Organization, then folders as per department/team and then projects for each department/team.
Answer should be 1 top-level folder per team so that they can create 1 project per environment which is also best practice.
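Both sides of the thread rely on the same two mechanics of the resource hierarchy: IAM allow policies set on a parent are inherited by everything beneath it, and cost is recorded per project and can be summed along the ancestry. The following is an added example, not part of any comment above and not Google's code; it models those mechanics with constructed team names, groups and cost figures.

```python
# Toy model of Organization -> Folder -> Project (illustration only).
# All names, members and costs below are constructed sample data.
from dataclasses import dataclass, field

@dataclass(eq=False)
class Node:
    name: str
    kind: str                                      # "organization", "folder" or "project"
    parent: "Node | None" = None
    bindings: dict = field(default_factory=dict)   # role -> set of members
    monthly_cost: float = 0.0                      # only projects carry cost
    children: list = field(default_factory=list)

    def __post_init__(self):
        # Register with the parent so costs can be rolled up top-down.
        if self.parent is not None:
            self.parent.children.append(self)

def effective_bindings(node):
    """Union of bindings on the node and every ancestor (policy inheritance)."""
    merged = {}
    while node is not None:
        for role, members in node.bindings.items():
            merged.setdefault(role, set()).update(members)
        node = node.parent
    return merged

def rolled_up_cost(node):
    """Cost of a node plus everything beneath it."""
    return node.monthly_cost + sum(rolled_up_cost(c) for c in node.children)

def build_sample():
    org = Node("example.com", "organization",
               bindings={"roles/viewer": {"group:audit@example.com"}})
    team_a = Node("team-a", "folder", org,
                  {"roles/editor": {"group:team-a@example.com"}})
    team_b = Node("team-b", "folder", org,
                  {"roles/editor": {"group:team-b@example.com"}})
    a_dev = Node("team-a-dev", "project", team_a, monthly_cost=120.0)
    a_prod = Node("team-a-prod", "project", team_a,
                  {"roles/compute.admin": {"user:oncall@example.com"}}, 900.0)
    b_prod = Node("team-b-prod", "project", team_b, monthly_cost=400.0)
    return org, team_a, team_b, a_dev, a_prod, b_prod
```

A grant on the `team-a` folder reaches both of that team's projects and none of `team-b`'s, while a grant at the organization reaches every project, which is why broad roles placed high in the tree weaken the segmentation the question asks for.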