Google Cloud Associate Cloud Engineer — Question 268

Your organization is migrating to Google Cloud. You want only users with company-issued Google accounts to access your Google Cloud environment. You must ensure that users of the same department can only access resources within their own department. You want to minimize operational costs while following Google-recommended practices. What should you do?

Answer options

• A. Assign users to the relevant Google Groups, and provide access to cloud resources through Identity and Access Management (IAM) roles. Periodically identify and remove non-company issued Google accounts.
• B. Assign users to the relevant Google Groups, and provide access to cloud resources through Identity and Access Management (IAM) roles. Use organization policies to block non-company issued emails.
• C. Create a folder for each department in Resource Manager. Grant the users of each department the Folder Admin role on the folder of their department.
• D. Create a folder for each department in Resource Manager. Grant all company users the Folder Admin role on the organization level.

Correct answer: B

Explanation

The correct answer is B because it allows you to utilize Google Groups for managing access while enforcing organization policies to block non-company emails, ensuring secure access according to best practices. Option A does not prevent access from non-company accounts effectively, while options C and D do not provide the necessary access restrictions based on departmental boundaries.