Examtopics

Professional Cloud Security Engineer

220
222

Topic 1 Question 221
You define central security controls in your Google Cloud environment. For one of the folders in your organization, you set an organizational policy to deny the assignment of external IP addresses to VMs. Two days later, you receive an alert about a new VM with an external IP address under that folder.

What could have caused this alert?
- The VM was created with a static external IP address that was reserved in the project before the organizational policy rule was set.
- The organizational policy constraint wasn't properly enforced and is running in "dry run" mode.
- A project level, the organizational policy control has been overwritten with an "allow" value.
- The policy constraint on the folder level does not have any effect because of an "allow" value for that constraint on the organizational level.
ユーザの投票
コメント(11)
- 正解だと思う選択肢: A
  A - Organization policy is checked wnen new resource are created, or modified, so when IP was reserved before it migt not trigger Org policy.
  
  👍 2
  gcp4test2023/08/04
- 正解だと思う選択肢: C
  C. A project level, the organizational policy control has been overwritten with an "allow" value.
  
  👍 2
  ymkk2023/08/16
- 正解だと思う選択肢: C
  C should be correct https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy
  
  👍 2
  Simon66662023/08/17
シャッフルモード

220
222