Google Cloud Professional Cloud Architect — Question 21

Google Cloud Platform resources are managed hierarchically using organization, folders, and projects. When Cloud Identity and Access Management (IAM) policies exist at these different levels, what is the effective policy at a particular node of the hierarchy?

Answer options

• A. The effective policy is determined only by the policy set at the node
• B. The effective policy is the policy set at the node and restricted by the policies of its ancestors
• C. The effective policy is the union of the policy set at the node and policies inherited from its ancestors
• D. The effective policy is the intersection of the policy set at the node and policies inherited from its ancestors

Correct answer: C

Explanation

The correct answer is C because the effective policy at a given node is the combination of the policy set at that node and any policies inherited from its ancestors. Answer A is incorrect as it ignores inherited policies, B is incorrect as it suggests a restriction rather than a combination, and D is incorrect since it implies a limiting intersection instead of a union of policies.