GCP Professional Cloud Security Engineer Practice Question
Your security team must provision hundreds of Google Cloud projects each quarter. Every project needs to reside in a department-specific folder, be linked to the corporate billing account, and inherit a baseline set of IAM bindings and organization policy constraints. The team wants a repeatable, auditable workflow triggered from the company's CI/CD system and reviewed in version control before execution. Which approach delivers these capabilities with the least ongoing manual effort?
Write a Deployment Manager configuration that declares the folders, projects, billing accounts, IAM bindings, and organization policies, then run gcloud deployment-manager deployments create from the CI/CD pipeline.
Grant department administrators the Project Creator role and let them create projects in the Cloud Console, then execute a nightly gcloud script to add IAM bindings and organization policies.
Maintain Terraform code (for example, the Google Cloud Project Factory module) in a Git repository and have Cloud Build apply the plan, creating folders, projects, billing links, IAM bindings, and organization policies declaratively.
Have the Organization Admin run an interactive shell script that issues gcloud commands for each project; rely on the shell history file and Cloud Audit Logs for auditing.
A Terraform configuration that uses the Google Cloud provider (or the Cloud Foundation Toolkit Project Factory module) can declaratively create folders, projects, billing links, IAM bindings, and organization policy constraints. Storing the code in a Git repository enables peer review, and a Cloud Build trigger (or another CI/CD runner) can apply the Terraform plan automatically, giving a fully automated, auditable workflow. The other options either rely on Deployment Manager-which lacks support for folders, billing links, and organization policies-or on manual console actions and ad-hoc scripts that do not offer the same level of repeatability and governance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Terraform, and why is it suitable for this approach?
Open an interactive chat with Bash
How does Cloud Build integrate with Terraform in a CI/CD workflow?
Open an interactive chat with Bash
What are IAM bindings and organization policy constraints in Google Cloud?
Open an interactive chat with Bash
What is Terraform and why is it used for cloud infrastructure automation?
Open an interactive chat with Bash
What is the Google Cloud Project Factory module in Terraform?
Open an interactive chat with Bash
How does Cloud Build integrate with Terraform for CI/CD workflows?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .