Google Cloud Professional Cloud Security Engineer — Question 37

A customer's company has multiple business units. Each business unit operates independently, and each has their own engineering group. Your team wants visibility into all projects created within the company and wants to organize their Google Cloud Platform (GCP) projects based on different business units. Each business unit also requires separate sets of IAM permissions.
Which strategy should you use to meet these needs?

Answer options

• A. Create an organization node, and assign folders for each business unit.
• B. Establish standalone projects for each business unit, using gmail.com accounts.
• C. Assign GCP resources in a project, with a label identifying which business unit owns the resource.
• D. Assign GCP resources in a VPC for each business unit to separate network access.

Correct answer: A

Explanation

The correct answer is A because creating an organization node with folders for each business unit allows for centralized management and visibility of all projects while maintaining the necessary IAM permissions. Option B is incorrect as using gmail.com accounts does not provide the necessary structure and management capabilities. Option C, while useful for resource identification, does not provide the organizational structure needed. Option D focuses on network separation rather than project organization and IAM management.