Answer-first summary for fast verification
Answer: compute.restrictXpnProjectLienRemoval
The correct answer is B (compute.restrictXpnProjectLienRemoval) because this organization policy constraint specifically restricts who can remove the lien that prevents deletion of Shared VPC host projects. When a project is designated as a Shared VPC host, Google Cloud automatically places a lien on it to prevent accidental deletion. By default, project owners can remove this lien, which would allow them to delete the host project. The compute.restrictXpnProjectLienRemoval constraint, when enabled at the organization level, restricts lien removal permissions to only users with organization-level permissions, thereby preventing accidental deletion. The community discussion shows 100% consensus on answer B, with multiple comments citing the official Google documentation that confirms this constraint's purpose. Other options like compute.restrictSharedVpcHostProjects and compute.restrictSharedVpcSubnetworks control different aspects of Shared VPC configuration but don't specifically address the lien removal protection needed to prevent accidental deletion.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You want to prevent users from accidentally deleting a Shared VPC host project. Which organization policy constraint should you enable?
A
compute.restrictSharedVpcHostProjects
B
compute.restrictXpnProjectLienRemoval
C
compute.restrictSharedVpcSubnetworks
D
compute.sharedReservationsOwnerProjects
No comments yet.