What Google domain and project structure should you recommend?

For this question, refer to the JencoMart case study.

The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least privilege model with separation of duties for administration between production and development resources.

What Google domain and project structure should you recommend?
A. Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application.
B. Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications.
C. Create a single G Suite account to manage users with each stage of each application in its own project.
D. Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment.

Answer: D

Explanation:

Note: The principle of least privilege and separation of duties are concepts that, although semantically different, are intrinsically related from the standpoint of security. The intent behind both is to prevent people from having higher privilege levels than they actually need.

✑ Principle of Least Privilege: Users should only have the least amount of privileges required to perform their job and no more. This reduces authorization exploitation by limiting access to resources such as targets, jobs, or monitoring templates for which they are not authorized.

✑ Separation of Duties: Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform. No user should be given responsibility for more than one related function. This limits the ability of a user to perform a malicious action and then cover up that action.

References: https://cloud.google.com/kms/docs/separation-of-duties
