Google Professional-Cloud-Architect Exam With Confidence Using Practice Dumps

Note: The principle of least privilege and separation of duties are concepts that, although semantically different, are intrinsically related from the standpoint of security. The intent behind both is to prevent people from having higher privilege levels than they actually need

Principle of Least Privilege: Users should only have the least amount of privileges required to perform their job and no more. This reduces authorization exploitation by limiting access to resources such as targets, jobs, or monitoring templates for which they are not authorized.

Separation of Duties: Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform. No user should be given responsibility for more than one related function. This limits the ability of a user to perform a malicious action and then cover up that action.

According to the Apigee API Platform documentation, the Quota policy is the primary mechanism used to enforce business-level constraints by limiting the number of request messages an API proxy allows over a specific period of time (such as a minute, hour, day, week, or month). For a media company like Altostrat, which aims to "unlock new revenue streams through targeted marketing" and "drive revenue growth," managing API consumption is critical for cost predictability and monetization strategies.

Google Cloud distinguishes between Spike Arrest and Quota policies. While Spike Arrest is designed for operational safety—protecting backend systems from sudden traffic bursts—the Quota policy is specifically used to enforce business contracts, Service Level Agreements (SLAs), and cost management. By configuring a Quota policy, Altostrat can ensure that no single consumer or application exceeds the total volume of calls that would result in unexpected infrastructure costs or exceed the limits of their current subscription tier.

Options A and B (API Key and OAuth) are essential for authentication and authorization—identifying who is making the call—but they do not inherently limit the volume of calls. Option D (XML threat protection) is a security measure to prevent malformed payload attacks. Therefore, to meet the specific business requirement of "Reliability and cost management," implementing Quota policies within Apigee is the architecturally correct choice to prevent API abuse and manage operational expenditure.