Google Cloud Professional Cloud Security Engineer — Question 41
You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.
What should you do?
Answer options
- A. Use the Organization Policy Service to create a compute.trustedImageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.
- B. Use the Organization Policy Service to create a compute.trustedImageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.
- C. In Resource Manager, edit the project permissions for the trusted project. Add the organization as a member with the role: Compute Image User.
- D. In Resource Manager, edit the organization permissions. Add the project ID as a member with the role: Compute Image User.
Correct answer: A
Explanation
The correct answer is A because creating a compute.trustedImageProjects constraint at the organization level with a whitelist allows only the specified projects to be used as the source of boot disk images. Option B incorrectly uses a deny operation, which would block access rather than allow it. Options C and D do not implement the necessary organization policy constraints for limiting image sources.