GCP Professional Cloud Architect Practice Question
Your company's Google Cloud projects are scattered under the "No organization" node because individual engineers created them with personal Gmail accounts. Security leadership wants to enforce company-wide IAM policies, Cloud Audit Logs exports, and Organization Policy constraints from a single root. As the newly appointed cloud architect, what is the most effective first step to establish the required control plane with minimal service disruption?
Grant the security team Project Owner on every existing project and use per-project IAM and Organization Policy updates scripted through Deployment Manager.
Provision Cloud Identity (or Google Workspace) for the company's verified domain to automatically create an Organization resource, then migrate the existing projects under it.
Set up a dedicated host project with Shared VPC and force all teams to attach their service projects to it for centralized control.
Create a top-level folder called "Corp-Root", move all projects into it, and apply IAM and Organization Policy at the folder level.
Google Cloud lets enterprises anchor all resources under an Organization node that is automatically created when the company provisions a Cloud Identity or Google Workspace account and verifies its primary domain. Projects that currently reside under the "No organization" node cannot inherit org-level IAM or Organization Policy constraints, so central governance is impossible until an Organization resource exists. Therefore, the correct first action is to create (or enable) Cloud Identity or Google Workspace for the corporate domain, which automatically provisions the Organization resource. You can then migrate each existing project into that Organization and optionally create folders to mirror business units.
Incorrect answers:
Moving projects into a top-level folder is impossible without an Organization node because folders must be children of an Organization.
Granting security admins roles on every individual project scales poorly and does not provide a single inheritance point.
A shared VPC host project improves network segmentation but does not create an Organization resource or solve centralized policy enforcement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Google Cloud Organization resource and why is it important?
Open an interactive chat with Bash
How do you migrate projects from 'No organization' node to an Organization resource?
Open an interactive chat with Bash
What are the benefits of creating folders within an Organization resource in Google Cloud?
Open an interactive chat with Bash
What is Cloud Identity or Google Workspace in the context of Google Cloud?
Open an interactive chat with Bash
What is an Organization resource in Google Cloud?
Open an interactive chat with Bash
How can projects be migrated under an Organization resource?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Designing for security and compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .