GCP Professional Cloud Architect Practice Question
Your company has one Google Cloud organization. Requirements:
A central infrastructure team owns a Shared VPC host project that all workloads must attach to.
Only production workloads must be prevented from creating VM instances with external IPv4 addresses.
Each business unit (BU) needs autonomy over its own prod and dev projects. You need a resource hierarchy that minimizes duplicated policies and lets the infra team manage the host project once. Which hierarchy meets the requirements?
Put the Shared VPC host project inside a Production folder and move all development projects as children of that project so they inherit the same network configuration but can override IAM.
Create three sibling top-level folders under the Organization: Infrastructure (contains the Shared VPC host project), Production, and Non-Production; place each BU's projects inside the appropriate Production or Non-Production folder so they inherit policies from that folder.
Keep all projects directly under the Organization root; apply the external IP restriction policy manually on every production project and create the Shared VPC host project alongside them.
Create a top-level folder for every BU and, inside each, separate Production and Development sub-folders; deploy an individual Shared VPC host project in each BU's Production sub-folder.
Placing sibling folders for Production and Non-Production directly under the Organization lets you apply the "no external IPv4" organization policy only once at the Production folder and have it inherited by every production project, regardless of BU. The Infrastructure folder that contains the single Shared VPC host project sits at the same level, so the infra team can manage it without inheriting the production-only policy. Service projects for any BU can attach to that host project even when they reside in other folders. The alternative layouts either force you to duplicate the policy in every BU (separate BU folders), apply it project by project (no folders), or rely on an invalid hierarchy in which projects contain other projects.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the Shared VPC host project in Google Cloud?
Open an interactive chat with Bash
Why is the 'no external IPv4' policy applied only to the Production folder in this hierarchy?
Open an interactive chat with Bash
How does placing projects in sibling folders minimize duplicated policies?
Open an interactive chat with Bash
What is the role of a Shared VPC host project in Google Cloud architecture?
Open an interactive chat with Bash
Why is it beneficial to use sibling top-level folders like Production and Non-Production?
Open an interactive chat with Bash
How does the resource hierarchy impact policy inheritance in Google Cloud?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Designing for security and compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .