
Answer-first summary for fast verification
Answer: Enable the Restrict Shared VPC Host Projects organization policy on the production folder. Create a custom rule and configure the policy type to Allow. In the Custom value section, enter under:folders/networking.
The question requires restricting Shared VPC attachments for production folder projects to only the networking folder, without impacting the development folder, using the most efficient and least disruptive approach. Option A applies the Restrict Shared VPC Host Projects organization policy at the production folder level with a custom rule allowing only the networking folder (under:folders/networking), which directly targets the production folder as required. This is more efficient than organization-level (Option D) or project-level (Option C) application, and Option B incorrectly applies the policy to the networking folder instead of the production folder. The community discussion shows 100% consensus on A with upvoted comments supporting it as the correct choice.
Author: LeetQuiz Editorial Team
You have a Google Cloud organization with three folders: production, development, and networking. Networking resources are centrally managed in the networking folder. You have identified that projects in the production folder are attaching to Shared VPCs outside the networking folder, creating a potential data exfiltration risk. You must resolve this issue for the production folder without impacting the development folder, using the most efficient and least disruptive approach. What should you do?
A. Enable the Restrict Shared VPC Host Projects organization policy on the production folder. Create a custom rule and configure the policy type to Allow. In the Custom value section, enter under:folders/networking.
B. Enable the Restrict Shared VPC Host Projects organization policy on the networking folder only. Create a new custom rule and configure the policy type to Allow. In the Custom value section, enter under:organizations/123456739123.
C. Enable the Restrict Shared VPC Host Projects organization policy at the project level for each of the production projects. Create a custom rule and configure the policy type to Allow. In the Custom value section, enter under:folders/networking.
D. Enable the Restrict Shared VPC Host Projects organization policy at the organization level. Create a custom rule and configure the policy type to Allow. In the Custom value section, enter under:folders/networking.