🔥 3-day streak
Professional Cloud Architect101 / 169
Question 101 of 169

A financial services company grants broad Editor roles to several project owners for agility. The security team must ensure that, regardless of any IAM allow bindings, no principal outside the company's security group can ever delete Cloud KMS keys or key versions across the entire organization — even if a project owner mistakenly grants such permissions. Which approach best enforces this organization-wide restriction?

Reviewed for accuracy · Report an issueNext question