ASSOCIATE-CLOUD-ENGINEER Question #136: Real Exam Question with Answer & Explanation

Question

Your management has asked an external auditor to review all the resources in a specific project. The security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?

Options

• AAsk the auditor for their Google account, and give them the Viewer role on the project.
• BAsk the auditor for their Google account, and give them the Security Reviewer role on the project.
• CCreate a temporary account for the auditor in Cloud Identity, and give that account the Viewer
• DCreate a temporary account for the auditor in Cloud Identity, and give that account the Security

Explanation

roles/viewer Read access to all resources. Get and list access for all resources. Using primitive roles The following table lists the primitive roles that you can grant to access a project, the description of what the role does, and the permissions bundled within that role. Avoid using primitive roles except when absolutely necessary. These roles are very powerful, and include a large number of permissions across all Google Cloud services. For more details on when you should use primitive roles, see the Identity and Access Management FAQ. IAM predefined roles are much more granular, and allow you to carefully manage the set of permissions that your users have access to. See Understanding Roles for a list of roles that can be granted at the project level. Creating custom roles can further increase the control you have over user permissions. https://cloud.google.com/resource-manager/docs/access-control-proj#using_primitive_roles

No community discussion yet for this question.