GCP Professional Cloud Security Engineer Practice Question
Your company operates over 150 Google Cloud projects in a single organization. The security operations team must centrally activate Security Command Center (SCC) so they can manage detectors, create mute rules, and view findings across all projects. Individual application teams should have read-only visibility into findings limited to their own projects. What is the most efficient way to configure SCC and IAM to meet these requirements?
Enable SCC Premium separately in each project using automation. Grant the security operations team the Security Center Admin role on every project and let application teams inherit Viewer permissions from the organization.
Enable SCC Premium at the organization level. Grant the security operations team the Project Owner role on all projects and grant application teams the Security Center Source Admin role at the organization level.
Enable SCC Premium at the organization level. Grant the security operations team the Security Center Admin role at the organization level, and grant each application team the Security Center Findings Viewer role on only their respective projects.
Enable the SCC Standard tier in every project. Grant the security operations team the Logging Admin role at the organization level and grant application teams the Logging Viewer role on their projects.
Activating Security Command Center at the organization level provides a single control plane and automatically onboards every current and future project, eliminating the need to manage per-project activations. Granting the security operations team the Security Center Admin role at the organization level allows them to configure services, create mute rules, and view all organization-wide findings. Giving each application team the Security Center Findings Viewer role only on its own projects limits access to read-only visibility for just those resources. The alternative options either activate SCC separately in every project, which introduces unnecessary operational overhead, use the Standard tier that lacks advanced detectors, or assign overly broad or incorrect IAM roles that fail to enforce least privilege.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Security Command Center (SCC) in Google Cloud?
Open an interactive chat with Bash
What is the difference between SCC Standard and SCC Premium?
Open an interactive chat with Bash
What does the Security Center Admin role allow in SCC?
Open an interactive chat with Bash
What is Security Command Center (SCC) in Google Cloud?
Open an interactive chat with Bash
What is the difference between SCC Standard and Premium tiers?
Open an interactive chat with Bash
What do the IAM roles used in SCC configuration mean?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Managing operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .