Your organization's Cloud Center-of-Excellence team applies an organization policy at the Organization node that sets constraints/compute.requireShieldedVm to enforced: true. A new project that lives under the Engineering folder must spin up a legacy, non-Shielded VM for a short-term compatibility test, and you have full IAM ownership of that project. What must you do so the instance can be created?
Attach a conditional IAM policy binding on the VM instance that ignores organization policies for resources tagged "test".
Ask an Organization Administrator to relax or exempt the constraint at the Organization (or ancestor) level, because enforced boolean constraints cannot be overridden by descendants.
On the Engineering folder, disable policy inheritance and then set the constraint to not enforced.
Create a project-level organization policy that sets the same constraint to enforced: false.
Boolean constraints such as constraints/compute.requireShieldedVm are either enforced or not enforced. When a parent resource sets enforced: true, the constraint is inherited by every descendant folder, project, and resource, and child policies cannot weaken or disable it. The only way to permit a non-Shielded VM is to have an Organization (or an ancestor folder) administrator change the parent policy-either by setting enforced: false or by using an allowed exception that covers the desired project. Adding a policy at the folder or project level, changing IAM roles, or attaching conditional bindings cannot override an enforced boolean constraint.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Shielded VM in Google Cloud?
Open an interactive chat with Bash
What does `constraints/compute.requireShieldedVm` do?
Open an interactive chat with Bash
Can descendants override enforced boolean constraints like `constraints/compute.requireShieldedVm`?
Open an interactive chat with Bash
What is a boolean constraint in GCP organization policies?
Open an interactive chat with Bash
How does policy inheritance work in GCP organization policies?
Open an interactive chat with Bash
What are Shielded VMs and why might they be required?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Setting up a cloud solution environment
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .