Google Cloud Professional Cloud Security Engineer Practice Exam

How should access control permissions be managed in an organization with many business units?

• A. Assign permissions to individual users
• B. Organize projects in folders
• C. Use a single IAM policy for all units
• D. Duplicate permissions across projects

The correct answer is: Organize projects in folders

Managing access control permissions effectively in an organization with multiple business units requires a structured approach to ensure both security and scalability. Organizing projects in folders is the correct method because it leverages Google Cloud's ability to provide hierarchical access control. By using folders, you can group related projects together and apply permissions at the folder level, which simplifies management. This means that when permissions are assigned to a folder, all projects contained within that folder inherit these permissions, ensuring consistent access control across related projects. This structure allows for clear delineation of permissions based on business units or departments, making it easier to manage and update access rights as organizational requirements change. Furthermore, it enhances security by preventing overly permissive access configurations, as permissions can be tailored at both the folder and project levels. In contrast, assigning permissions to individual users can lead to a fragmented and cumbersome system, making it difficult to manage and review who has access to what resources. Using a single IAM policy for all units risks over-privileging users in different business units that do not require access to certain resources. Duplicating permissions across projects would result in redundancy and increase the chances of misconfiguration, leading to potential security vulnerabilities. Therefore, organizing projects in folders represents the most efficient and secure method