Answer-first summary for fast verification
Answer: Enable the constraints/compute.skipDefaultNetworkCreation organization policy constraint at the organization level.
Option A is the correct answer because it directly addresses the requirement to prevent default network creation across the organization using Google's built-in organization policy constraint 'constraints/compute.skipDefaultNetworkCreation'. This is a Google-recommended best practice that automatically skips default network creation during project creation, making it scalable for hundreds of ephemeral projects. The community discussion shows 100% consensus on this answer with multiple upvoted comments referencing the official Google documentation. Option B is inefficient and reactive rather than preventive. Option C grants excessive permissions (IAM Owner) and uses VPC Service Controls for a different purpose. Option D relies on manual template management rather than automated policy enforcement.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are deploying hundreds of ephemeral projects via a new infrastructure CI/CD pipeline to allow users to interact with Google Cloud. You need to prevent the use of default networks across your organization while adhering to Google-recommended practices. What should you do?
A
Enable the constraints/compute.skipDefaultNetworkCreation organization policy constraint at the organization level.
B
Create a cron job to trigger a daily Cloud Function to automatically delete all default networks for each project.
C
Grant your users the IAM Owner role at the organization level. Create a VPC Service Controls perimeter around the project that restricts the compute.googleapis.com API.
D
Only allow your users to use your CI/CD pipeline with a predefined set of infrastructure templates they can deploy to skip the creation of the default networks.
No comments yet.