A startup is bootstrapping a Google Cloud organization for DevOps. They need to create a project for their CI/CD tooling and a separate project for logging and monitoring. What is the recommended way to structure the resource hierarchy?
Using a folder allows inheritance of IAM policies and organization policies, simplifying management.
Why this answer
Option D is correct because the recommended Google Cloud resource hierarchy for DevOps bootstrapping is to create a folder (e.g., 'DevOps') under the organization node and place both projects inside it. This structure allows centralized policy inheritance (e.g., IAM, org policies) and shared billing via a single billing account, while maintaining logical separation between CI/CD and logging/monitoring workloads. It aligns with Google's best practices for multi-project isolation without unnecessary organizational complexity.
Exam trap
Google Cloud often tests the misconception that projects must be placed directly under the organization node or that separate billing accounts are required for isolation, but the correct approach is to use folders for grouping and a shared billing account to maintain centralized control and policy inheritance.
How to eliminate wrong answers
Option A is wrong because using a single project with labels for environment differentiation violates the principle of workload isolation; labels are metadata for filtering, not a security or policy boundary, and cannot enforce separate IAM roles or resource quotas for CI/CD vs. logging. Option B is wrong because creating both projects directly under the organization node with separate billing accounts introduces unnecessary billing overhead and loses the ability to apply common folder-level policies; Google recommends using folders for grouping related projects. Option C is wrong because creating a separate organization for each project is excessive and unsupported—Google Cloud organizations are designed to contain multiple projects, and creating multiple organizations would require separate domains and break centralized management.