GCP Professional Cloud Architect Practice Question
Your company hosts its SaaS application in a single Google Cloud project that is attached as a service project to a central Shared VPC host. Developers complain that continuous integration jobs intermittently fail because project-level Cloud Build and Artifact Registry API quota is exhausted by production traffic. Internal auditors also need strict separation of IAM policies and audit logs between development and production environments. The networking topology must remain unchanged. Which design change best meets these requirements with minimal re-architecture?
Create two new folders named dev and prod under the organization and move the current project into the prod folder while granting environment-specific IAM at the folder level.
Register two additional Cloud Identity tenants to form separate organizations for dev and prod, then move resources so each organization owns its own project and VPC.
Create separate development and production projects under the existing folder, attach each as a service project to the current Shared VPC host, and migrate the respective workloads.
Retain a single project and isolate workloads through Kubernetes namespaces combined with VPC Service Controls to enforce environment separation.
Creating distinct development and production projects gives each environment its own quota pool, its own Cloud Audit Logs, and fully independent IAM policies, satisfying both the engineering and audit requirements. Because a Shared VPC network can be reused by multiple service projects, the new projects can attach to the existing host project without changing any subnet, firewall-rule, or peering configuration. Merely placing the existing project into different folders or relying on namespaces or VPC Service Controls keeps the same project, so quotas, logs, and many IAM bindings would still be shared. Spinning up separate organizations is unnecessary overhead and would break the current Shared VPC design, since Shared VPC cannot cross organization boundaries.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Shared VPC in Google Cloud?
Open an interactive chat with Bash
Why does separating development and production projects improve quota management?
Open an interactive chat with Bash
How does IAM differ at the project level compared to the folder level?
Open an interactive chat with Bash
What is a Shared VPC in Google Cloud?
Open an interactive chat with Bash
Why is project separation recommended for quota management?
Open an interactive chat with Bash
How does separating projects help with IAM and auditing?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Designing for security and compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .