Q: 16
A customer’s company has multiple business units. Each business unit operates independently, and
each has their own engineering group. Your team wants visibility into all projects created within the
company and wants to organize their Google Cloud Platform (GCP) projects based on different
business units. Each business unit also requires separate sets of IAM permissions.
Which strategy should you use to meet these needs?
Options
Discussion
A. Saw a similar structure question on practice exams, and folders give the IAM control per unit.
A. Folders under an organization node are the only way to actually separate IAM at scale, since labels (C) don't enforce access. I've seen people trip over this on similar practice questions. Labeling helps with tracking but not permissions.
I don't think C works here, labels won't control IAM separation. It's A, folders give real isolation for each group.
A makes more sense here. Labels in C can help track ownership but don't give you the IAM separation across business units. Using folders under the org node lets you apply policies at the right level and keep things organized. Pretty sure that's Google's recommended way.
GCP org structure is so convoluted sometimes. It's C, using labels to tag projects for units.