Topic 1 Question 106
2 つ選択You work for a large organization where each business unit has thousands of users. You need to delegate management of access control permissions to each business unit. You have the following requirements: ✑ Each business unit manages access controls for their own projects. ✑ Each business unit manages access control permissions at scale. ✑ Business units cannot access other business units' projects. ✑ Users lose their access if they move to a different business unit or leave the company. ✑ Users and access control permissions are managed by the on-premises directory service. What should you do?
Use VPC Service Controls to create perimeters around each business unit's project.
Organize projects in folders, and assign permissions to Google groups at the folder level.
Group business units based on Organization Units (OUs) and manage permissions based on OUs
Create a project naming convention, and use Google's IAM Conditions to manage access based on the prefix of project names.
Use Google Cloud Directory Sync to synchronize users and group memberships in Cloud Identity.
ユーザの投票
コメント(3)
I will take B & E. Makes sense for the OUs to have their own folders and respective projects under their folders. This will make each OU independent from one another in terms of environments, and will not be able to communicate with one another unless shared VPC/VPC peering is utilized.
And E is fairly obvious, as they want to manage their users from on-prem directory, hence GCDS.
👍 3TheBuckler2022/10/07Agreed…B & E
👍 2Rightsaidfred2022/11/17- 正解だと思う選択肢: BE
B and E
👍 2pedrojorge2023/01/26
シャッフルモード