Crucial Exams

GCP Professional Cloud Architect Practice Question

Your company has a single Google Cloud organization. Security requires strict separation of production and development resources. A small central security team must enforce IAM roles and Organization Policy constraints-such as blocking external VM IPs-across every production resource without touching each project, while product teams keep full IAM control within their own projects. As more teams join the platform, which Google Cloud resource-hierarchy design best meets these needs and keeps operational overhead low?

  • Tag every project with an environment label (prod or dev) and rely on label-based log sinks so the security team can detect and remediate non-compliant production resources.

  • Create two top-level folders (Prod and NonProd) under the organization. Give each product team its own folder or projects beneath the appropriate environment folder, and apply security team IAM roles and Organization Policy constraints at the Prod folder.

  • Keep all projects in a single folder and have the security team add IAM Conditions to each project's policy to distinguish production from development access.

  • Create a separate Google Cloud organization for production and migrate all production projects there while leaving development projects in the current organization.

GCP Professional Cloud Architect
Designing for security and compliance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot