Google Cloud Professional Cloud Security Engineer — Question 179
Your Google Cloud organization is subdivided into three folders: production, development, and networking. Networking resources for the organization are centrally managed in the networking folder. You discovered that projects in the production folder are attaching to Shared VPCs that are outside of the networking folder, which could become a data exfiltration risk. You must resolve the production folder issue without impacting the development folder. You need to use the most efficient and least disruptive approach. What should you do?
Answer options
- A. Enable the Restrict Shared VPC Host Projects organization policy on the production folder. Create a custom rule and configure the policy type to Allow. In the Custom value section, enter under:folders/networking.
- B. Enable the Restrict Shared VPC Host Projects organization policy on the networking folder only. Create a new custom rule and configure the policy type to Allow. In the Custom value section, enter under:organizations/123456739123.
- C. Enable the Restrict Shared VPC Host Projects organization policy at the project level for each of the production projects. Create a custom rule and configure the policy type to Allow. In the Custom value section, enter under:folders/networking.
- D. Enable the Restrict Shared VPC Host Projects organization policy at the organization level. Create a custom rule and configure the policy type to Allow. In the Custom value section, enter under:folders/networking.
Correct answer: A
Explanation
The correct answer is A because enabling the policy at the production folder level restricts Shared VPC attachments for the projects in that folder while not affecting the development folder. Option B incorrectly applies the policy only to the networking folder, which won't resolve the production folder's issue. Option C would require changes at the project level for each production project, leading to a more disruptive approach. Option D is too broad and affects the entire organization, which is not needed in this scenario.