Google Cloud Professional Cloud Security Engineer — Question 66
You want to prevent users from accidentally deleting a Shared VPC host project. Which organization-level policy constraint should you enable?
Answer options
- A. compute.restrictSharedVpcHostProjects
- B. compute.restrictXpnProjectLienRemoval
- C. compute.restrictSharedVpcSubnetworks
- D. compute.sharedReservationsOwnerProjects
Correct answer: B
Explanation
The correct answer is B, as enabling compute.restrictXpnProjectLienRemoval prevents the deletion of the lien on a Shared VPC host project, safeguarding it from accidental removal. The other options do not provide the same level of protection specifically against the removal of the host project itself.