PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #343
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #343: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to reveal the answer and full explanation for question #343. The question stem and answer options stay visible for context.
Question
Your organization leverages folders to represent different teams within your Google Cloud environment. To support Infrastructure as Code (IaC) practices, each team receives a dedicated service account upon onboarding. You want to ensure that teams have comprehensive permissions to manage resources within their assigned folders while adhering to the principle of least privilege. You must design the permissions for these team-based service accounts in the most effective way possible. What should you do?
Options
- AGrant each service account the folder administrator role on its respective folder.
- BGrant each service account the project creator role at the organization level and use folder-level
- CAssign each service account the project editor role at the organization level and instruct teams to
- DAssign each service account the folder IAM administrator role on its respective folder to allow
Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-CLOUD-SECURITY-ENGINEER questions. Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.