Topic 1 Question 242
Your Google Cloud environment has one organization node, one folder named “Apps”, and several projects within that folder. The organizational node enforces the constraints/iam.allowedPolicyMemberDomains organization policy, which allows members from the terramearth.com organization. The “Apps” folder enforces the constraints/iam.allowedPolicyMemberDomains organization policy, which allows members from the flowlogistic.com organization. It also has the inheritFromParent: false property.
You attempt to grant access to a project in the “Apps” folder to the user [email protected].
What is the result of your action and why?
The action succeeds because members from both organizations, terramearth.com or flowlogistic.com, are allowed on projects in the “Apps” folder.
The action succeeds and the new member is successfully added to the project's Identity and Access Management (IAM) policy because all policies are inherited by underlying folders and projects.
The action fails because a constraints/iam.allowedPolicyMemberDomains organization policy must be defined on the current project to deactivate the constraint temporarily.
The action fails because a constraints/iam.allowedPolicyMemberDomains organization policy is in place and only members from the flowlogistic.com organization are allowed.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: D
Will fail because of the inheritFromParent: false option. Even if the level above has the right permissions, it will not inherit into the lower levels.
👍 3JoaquinJimenezGarcia2023/12/11 - 正解だと思う選択肢: D
The correct answer is D. The action fails because a constraints/iam.allowedPolicyMemberDomains organization policy is in place and only members from the flowlogistic.com organization are allowed.
The inheritFromParent: false property on the “Apps” folder means that it does not inherit the organization policy from the organization node. Therefore, only the policy set at the folder level applies, which allows only members from the flowlogistic.com organization. As a result, the attempt to grant access to the user [email protected] fails because this user is not a member of the flowlogistic.com organization.
👍 2MisterHairy2023/11/21 - 正解だと思う選択肢: D👍 2GoReplyGCPExam2023/12/09
シャッフルモード