Home › GCP Professional Cloud Architect › cloudcomputing › gcppcasecurity › Which GCP design principle separates production …
Which GCP design principle separates production deploy permissions from production data-read permissions so no single person can both deploy AND read sensitive data?
ASeparation of duties (split IAM roles across distinct principals)
BDisabling audit logs
CGranting Owner to every engineer
DSharing one shared admin account across the team
Answer & Solution
Correct answer: A. Separation of duties (split IAM roles across distinct principals)
Separation of duties is a core GCP security design principle (per the exam guide §3.1). The other options collapse safeguards.
Related questions
Which GCP compliance design feature gives an architect audit-grade tamper-evident logs of Which Chrome Enterprise feature gives administrators device-aware policies and threat protWhich GCP IAM feature lets a less-privileged user temporarily assume the identity of a morWhich GCP feature lets an architect protect generative-AI deployments from prompt-injectioWhich GCP feature lets an architect enforce constraints across an entire organisation (e.gWhich GCP feature lets a workload outside GCP (e.g. AWS / Azure / on-prem) authenticate toWhich GCP service provides secure remote access to internal apps without a corporate VPN —Which GCP control lets an architect define a security perimeter around managed services (e