Your company's Organization node enforces the constraint compute.requireShieldedVm to ensure that all new Compute Engine VMs use Shielded VM images. A development team now needs to spin up a small test project that must run several legacy, non-Shielded images for the next two weeks. You have Project Owner rights on the new project but cannot modify policies at higher levels. What is the most efficient way to let the team create the required VMs without weakening security for any other resource in the organization?
Delete the organization-level policy, create the VMs, and re-enable the policy after the test is finished.
Move the project out of the Organization into a standalone billing account that is not subject to the policy.
Add a project-level Organization Policy for compute.requireShieldedVm with enforced: false, overriding the inherited setting just for this project.
Grant the developers the Compute Admin role so they can disable Shielded VM when launching instances.
Organization Policy constraints are inherited, but any child resource can set its own policy to override inherited settings-provided the parent policy is not explicitly locked. Because compute.requireShieldedVm is a Boolean constraint, you can add a project-level policy where enforced is set to false. This locally disables the requirement only for that project and leaves the organization-wide enforcement unchanged. Removing the org-level policy, moving the project outside the organization, or granting broader roles would either reduce security for other resources or violate administrative boundaries.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the compute.requireShieldedVm constraint?
Open an interactive chat with Bash
How does overriding an Organization Policy at the project level work?
Open an interactive chat with Bash
What security risks are avoided by using a project-level override instead of modifying the organization-level policy?
Open an interactive chat with Bash
What is the `compute.requireShieldedVm` constraint?
Open an interactive chat with Bash
What are Shielded VMs and how do they enhance security?
Open an interactive chat with Bash
What is the advantage of overriding Organization Policies at the project level?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Setting up a cloud solution environment
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .