You are using GCP services across multiple projects. You want to ensure that only the security team can modify VPC settings. Where should you set this IAM policy for maximum efficiency and control?
Choose an answer
Tap an option to check your answer.
Correct answer: At the folder level that contains all related projects.
Why this is the answer
Setting the IAM policy at the folder level that contains all related projects is the most efficient and controlled approach. This allows you to apply a single policy that governs VPC settings across all projects within that folder, ensuring consistent security enforcement. Applying policies at the organization level would be too broad, potentially affecting projects not managed by the security team. Setting policies at each project level or each VPC would be inefficient and prone to inconsistencies across multiple projects. Applying policies at each individual resource is overly granular and unmanageable for VPC settings. IAM policies are specifically designed to control access to GCP resources, including VPC settings, so stating it cannot control them is incorrect.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed