Google Cloud Professional Cloud Security Engineer Practice Exam

How should you allow an external partner's domain access to your Google Cloud project while adhering to best practices?

• A. Make the project public for collaboration
• B. Turn off the policy, add the domain, and re-enable
• C. Only whitelist the external partner's IP addresses
• D. Add the partner's domain as a service account

The correct answer is: Turn off the policy, add the domain, and re-enable

Allowing an external partner's domain access to a Google Cloud project while ensuring security and adhering to best practices involves carefully managing permissions and access controls. The selected approach, which entails turning off the policy, adding the domain, and then re-enabling the policy, provides a strategic way to ensure that the external domain can be granted the necessary permissions without exposing the project to unnecessary risks. This method allows for the temporary modification of access controls to include the partner's domain, ensuring that only the necessary entities can access the project. By re-enabling the policy after making the change, it ensures that any existing restrictive settings remain in place for all other users and domains, thus maintaining a secure environment. In contrast, making the project public for collaboration would expose your Google Cloud resources to all users, thereby posing significant security risks. It is crucial to limit access to only those who require it for their specific tasks. Whitelisting only the external partner's IP addresses offers a narrow approach and may not be practical or effective since IP addresses can change and multiple users may connect from different networks. Additionally, it does not account for broader collaboration needs or changes in the partner's operational infrastructure. Adding the partner's domain as a service account might suggest a method of management,