Topic 1 Question 304
You are managing a Google Cloud environment that is organized into folders that represent different teams. These teams need the flexibility to modify organization policies relevant to their work. You want to grant the teams the necessary permissions while upholding Google-recommended security practices and minimizing administrative complexity. What should you do?
A. Create a custom IAM role with the organization policy administrator permission and grant the permission to each team’s folder. Limit policy modifications based on folder names within the custom role’s definition.
B. Assign the organization policy administrator role to a central service account and provide teams with the credentials to use the service account when needed.
C. Create an organization-level tag. Attach the tag to relevant folders. Use an IAM condition to restrict the organization policy administrator role to resources with that tag.
D. Grant each team the organization policy administrator role at the organization level.
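To make the difference between the tag-conditioned grant and an unconditional organization-level grant concrete, here is an added example that is not part of the question or of any Google tooling. It models a small folder hierarchy with constructed ids, tag bindings and groups, evaluates an org-level IAM policy whose bindings carry a `resource.matchTag("KEY", "VALUE")` condition (the only condition function the evaluator understands; real IAM conditions are CEL expressions evaluated by Google Cloud), and lists the real `gcloud` steps that realize the tag-based setup. Tag inheritance down the hierarchy is modelled because an IAM condition on a folder sees the folder's effective tags.

```python
"""Model of tag-conditioned IAM bindings for roles/orgpolicy.policyAdmin.

Added example, not from the page or from Google's own tooling. The
organization id, folders, tag values and groups below are constructed
placeholders, and condition_holds() supports only the
resource.matchTag("KEY", "VALUE") form that the scenario needs.
"""
import re

ORG_ID = "123456789012"  # constructed placeholder organization id
ROLE = "roles/orgpolicy.policyAdmin"

# Constructed folder hierarchy: folder -> parent folder (None = org root).
FOLDERS = {
    "folders/100": None,           # team-payments
    "folders/101": "folders/100",  # team-payments/prod
    "folders/200": None,           # team-data
    "folders/300": None,           # shared-services, no team tag
}

# Constructed tag bindings: resource -> {namespaced tag key: tag value}.
TAG_BINDINGS = {
    "folders/100": {f"{ORG_ID}/team": "payments"},
    "folders/200": {f"{ORG_ID}/team": "data"},
}

MATCH_TAG = re.compile(r'^resource\.matchTag\("([^"]+)",\s*"([^"]+)"\)$')


def effective_tags(resource):
    """Tags attached to a resource plus those inherited from its ancestors."""
    tags = {}
    while resource is not None:
        # A binding nearer to the resource overrides an inherited one.
        tags = {**TAG_BINDINGS.get(resource, {}), **tags}
        resource = FOLDERS.get(resource)
    return tags


def condition_holds(expression, resource):
    """True if the binding's condition (or absence of one) admits `resource`."""
    if expression is None:
        return True
    m = MATCH_TAG.match(expression)
    if not m:
        raise ValueError(f"unsupported condition: {expression}")
    key, value = m.groups()
    return effective_tags(resource).get(key) == value


def tag_condition(key, value):
    """CEL expression restricting a binding to resources carrying KEY=VALUE."""
    return f'resource.matchTag("{ORG_ID}/{key}", "{value}")'


def folders_administrable(policy, member):
    """Folders on which `member` holds ROLE under an org-level policy."""
    return sorted(
        folder for folder in FOLDERS
        for b in policy
        if b["role"] == ROLE and member in b["members"]
        and condition_holds(b.get("condition"), folder)
    )


# Option D from the question: unconditional grant at the organization level.
BROAD_POLICY = [
    {"role": ROLE, "members": ["group:payments-admins@example.com"],
     "condition": None},
]

# Option C: the same role, scoped by a tag condition per team.
TAGGED_POLICY = [
    {"role": ROLE, "members": ["group:payments-admins@example.com"],
     "condition": tag_condition("team", "payments")},
    {"role": ROLE, "members": ["group:data-admins@example.com"],
     "condition": tag_condition("team", "data")},
]


def gcloud_commands(group, key, value, folder_id):
    """The gcloud steps that realize option C (real commands, placeholder ids).
    The ^:^ prefix is gcloud's custom-delimiter syntax, needed because the
    condition expression itself contains a comma."""
    return [
        f"gcloud resource-manager tags keys create {key} "
        f"--parent=organizations/{ORG_ID}",
        f"gcloud resource-manager tags values create {value} "
        f"--parent={ORG_ID}/{key}",
        f"gcloud resource-manager tags bindings create "
        f"--tag-value={ORG_ID}/{key}/{value} "
        f"--parent=//cloudresourcemanager.googleapis.com/folders/{folder_id}",
        f"gcloud organizations add-iam-policy-binding {ORG_ID} "
        f"--member={group} --role={ROLE} "
        f"--condition='^:^expression={tag_condition(key, value)}"
        f":title={value}-team-only'",
    ]


if __name__ == "__main__":
    member = "group:payments-admins@example.com"
    print("option D:", folders_administrable(BROAD_POLICY, member))
    print("option C:", folders_administrable(TAGGED_POLICY, member))
    print("\n".join(gcloud_commands(member, "team", "payments", "100")))
```

Running it shows the unconditional binding reaching every folder, including the untagged shared-services folder, while the tagged binding reaches only the payments folder and its child, which inherits the tag. Auditing the policy is also simpler under option C: one org-level binding per team, each with a condition that names the tag it depends on.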
Comments (3)
C - Granular Control: Creating an organization-level tag allows you to precisely control which teams have access to modify organization policies by attaching the tag to relevant folders. This ensures that only authorized teams can make changes.
IAM Condition: Using an IAM condition to restrict the organization policy administrator role to resources with the tag provides a flexible and efficient way to grant permissions while maintaining control. This ensures that the role is only accessible for the intended teams.
Security Best Practices: This approach aligns with Google-recommended security practices by limiting access to organization policies to authorized teams and using IAM conditions to enforce appropriate controls.
Administrative Efficiency: This approach simplifies administration by providing a centralized mechanism for managing permissions and ensuring that only authorized teams can modify organization policies.
👍 2 abdelrahman89 2024/10/04 - Selected answer: C
It's C.
👍 1 json4u 2024/10/15 - Selected answer: A
Tags in Google Cloud are primarily designed for organizing and categorizing resources. While it's possible to create IAM conditions that reference tags (e.g., limiting the use of a role to resources with specific tags), this method is not the most intuitive or straightforward way to manage IAM policies, especially when the main goal is to provide flexible policy management for different teams. In your case, folder-based isolation with custom IAM roles is a cleaner and more intuitive way to achieve team-level control over organization policies.
👍 1 p981pa123 2025/01/22