🔥 3-day streak
Professional Cloud Architect120 / 169
Question 120 of 169
A financial services company must ensure that IAM policies across all Google Cloud projects can only grant access to identities belonging to its corporate Cloud Identity domain. Auditors have flagged the risk of employees accidentally granting roles to personal Gmail accounts or external contractor accounts. The Cloud Architect wants a preventive, organization-wide control that blocks such grants automatically rather than relying on periodic manual review. Which approach best meets this requirement?
Reviewed for accuracy · Report an issueNext question