Google Cloud Professional Cloud Security Engineer — Question 241

A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other department should not have access to the project. You need to configure this behavior.
What should you do to meet these requirements?

Answer options

• A. Create a Folder per department under the Organization. For each department's Folder, assign the Project Viewer role to the Google Group related to that department.
• B. Create a Folder per department under the Organization. For each department's Folder, assign the Project Browser role to the Google Group related to that department.
• C. Create a Project per department under the Organization. For each department's Project, assign the Project Viewer role to the Google Group related to that department.
• D. Create a Project per department under the Organization. For each department's Project, assign the Project Browser role to the Google Group related to that department.

Correct answer: A

Explanation

The correct answer is A because creating a Folder per department and assigning the Project Viewer role to the Google Group ensures that all department members have read-only access to all projects within that Folder. Options B, C, and D do not meet the requirement for read-only access or involve setting up projects instead of folders, which does not facilitate the desired access control for all new projects automatically.