Google Cloud Professional Cloud Security Engineer — Question 163

Your multinational organization is undergoing rapid expansion within Google Cloud. New teams and projects are added frequently. You are concerned about the potential for inconsistent security policy application and permission sprawl across the organization. You must enforce consistent standards while maintaining the autonomy of regional teams. You need to design a strategy to effectively manage IAM and organization policies at scale, ensuring security and administrative efficiency. What should you do?

Answer options

• A. Create detailed organization-wide policies for common scenarios. Instruct teams to apply the policies carefully at the project and resource level as needed.
• B. Delegate the creation of organization policies to regional teams. Centrally review these policies for compliance before deployment.
• C. Define a small set of essential organization policies. Supplement these policies with a library of optional policy templates for teams to leverage as needed.
• D. Use a hierarchical structure of folders. Implement template-based organization policies that cascade down, allowing limited customization by regional teams.

Correct answer: D

Explanation

The correct answer is D because using a hierarchical structure with cascading policies allows for consistent enforcement while providing some flexibility for regional teams. This approach balances central control with local autonomy. Options A and C suggest more flexibility but may lead to inconsistency, while option B relies too much on regional teams' compliance, risking non-uniform security practices.