Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Google Exam Professional Cloud Architect Topic 1 Question 73 Discussion

Actual exam question for Google's Professional Cloud Architect exam
Question #: 73
Topic #: 1
[All Professional Cloud Architect Questions]

Your company has a Google Workspace account and Google Cloud Organization Some developers in the company have created Google Cloud projects outside of the Google Cloud Organization

You want to create an Organization structure that allows developers to create projects, but prevents them from modifying production projects You want to manage policies for all projects centrally and be able to set more restrictive policies for production projects

You want to minimize disruption to users and developers when business needs change in the future You want to follow Google-recommended practices How should you design the Organization structure?

Show Suggested Answer Hide Answer
Suggested Answer: C

This option can help create an organization structure that allows developers to create projects, but prevents them from modifying production projects. Folders are containers for projects and other folders within Google Cloud organizations. Folders allow resources to be structured hierarchically and inherit policies from their parent resources. By creating folders under the organization resource named ''Development'' and ''Production'', you can organize your projects by environment and apply different policies to them. By granting all developers the Project Creator IAM role on the ''Development'' folder, you can allow them to create projects under that folder, but not under the ''Production'' folder. By moving the developer projects into the ''Development'' folder, you can ensure that they are subject to the policies set on that folder. By setting the policies for all projects on the organization, you can manage policies centrally and efficiently. By additionally setting the production policies on the ''Production'' folder, you can enforce more restrictive policies for production projects and prevent developers from modifying them. The other options are not optimal for this scenario, because they either create a second Google Workspace account and organization, which increases complexity and cost (A), or do not use folders to organize projects by environment, which makes it harder to manage policies and permissions (B, D). Reference:

https://cloud.google.com/resource-manager/docs/creating-managing-folders

https://cloud.google.com/architecture/framework/system-design


Contribute your Thoughts:

Rasheeda
8 months ago
Agreed. Although, I have to say, the 'Development' and 'Production' folder names are a bit on the nose, don't you think? Maybe we could get a little creative there.
upvoted 0 times
...
Brandee
8 months ago
Yeah, I like that approach too. Plus, it follows the Google-recommended practices, which is a nice added bonus.
upvoted 0 times
...
Virgie
8 months ago
That's a good point. I'm leaning towards option C. It gives us the flexibility we need while still allowing us to set policies centrally.
upvoted 0 times
...
Paola
8 months ago
Hmm, but then we'd have development projects outside the Organization, which goes against the requirement to manage policies centrally.
upvoted 0 times
Artie
7 months ago
B
upvoted 0 times
...
Tiffiny
7 months ago
Granting developers the Project Creator role on the Organization and setting policies centrally would help with management.
upvoted 0 times
...
Candra
8 months ago
B
upvoted 0 times
...
Kindra
8 months ago
True, creating a folder under the Organization for 'Production' seems like a better option.
upvoted 0 times
...
Viva
8 months ago
B
upvoted 0 times
...
Sang
8 months ago
Hmm, but then we'd have development projects outside the Organization, which goes against the requirement to manage policies centrally.
upvoted 0 times
...
Bette
8 months ago
A
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77