Answer: Assign the development team group the Project Owner role on the Shopping folder, and remove the development team group Project Owner role from the Organization.

The correct answer is C because it addresses the core issue of permission inheritance in Google Cloud's resource hierarchy. Since the development team has the Project Owner role at the organization level, this permission is inherited by all child resources (including the Finance folder). Simply assigning a more restrictive role (like Project Viewer) at the folder level (options A and B) does not override the inherited Project Owner permissions due to the union of permissions from all levels. Option D fails to remove the inherited Project Owner role from the organization, so the team would still have creation rights in the Finance folder. Option C correctly removes the Project Owner role from the organization level and assigns it only to the Shopping folder, adhering to the principle of least privilege and ensuring the team cannot create resources in the Finance folder. The community discussion strongly supports C, with high upvotes and reasoning that emphasizes the need to remove the organization-level role to prevent inheritance.

Author: LeetQuiz Editorial Team