Crucial Exams

GCP Associate Cloud Engineer Practice Question

Your company's security team has applied the boolean constraint constraints/compute.requireShieldedVm with enforced: TRUE at the Organization level. A development team needs to launch some legacy VM images that are not Shielded-VM-capable in a single project that lives several folders below the Organization node. They add a project-level organization policy for the same constraint and set enforced: FALSE, but deployment of the legacy VMs is still blocked. Which statement best explains this behavior?

  • Boolean constraints only evaluate the sum of all ancestor policies; because the project set enforced: FALSE, the system should allow non-Shielded VMs, so the issue must be unrelated.

  • The project's policy failed because enforced: FALSE must be set at the folder level; project-level policies are ignored for boolean constraints.

  • A lower-level policy cannot override a parent policy that already sets a boolean constraint to enforced; the Organization's setting remains in effect for all descendants.

  • The project policy was applied correctly, but it takes up to 24 hours for organization-policy changes at lower levels to override parent settings.

GCP Associate Cloud Engineer
Setting up a cloud solution environment
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot