
Answer-first summary for fast verification
Answer: Organize projects in folders, and assign permissions to Google groups at the folder level; Use Google Cloud Directory Sync to synchronize users and group memberships in Cloud Identity.
Option B (Organize projects in folders and assign permissions to Google groups at the folder level) enables delegation of IAM management to business units by allowing them to manage permissions for their projects within their folders, ensuring isolation between business units. Option E (Use Google Cloud Directory Sync to synchronize users and group memberships in Cloud Identity) integrates the on-premises directory service with Google Cloud, ensuring that user access is automatically updated based on directory changes (e.g., when users move or leave). This combination meets all requirements: delegation, scalability, isolation, automatic access revocation, and on-premises directory integration. Option A (VPC Service Controls) focuses on data exfiltration prevention, not IAM delegation. Option C (Organization Units) is not a Google Cloud resource hierarchy feature for IAM. Option D (IAM Conditions with project naming) is error-prone and does not scale well for thousands of users.
Author: LeetQuiz Editorial Team
You need to delegate IAM management for Google Cloud projects to individual business units within a large organization. The solution must meet these requirements:
What should you do? (Choose two.)
A. Use VPC Service Controls to create perimeters around each business unit's project.
B. Organize projects in folders, and assign permissions to Google groups at the folder level.
C. Group business units based on Organization Units (OUs) and manage permissions based on OUs.
D. Create a project naming convention, and use Google's IAM Conditions to manage access based on the prefix of project names.
E. Use Google Cloud Directory Sync to synchronize users and group memberships in Cloud Identity.