ASSOCIATE-CLOUD-ENGINEER · Question #292
ASSOCIATE-CLOUD-ENGINEER Question #292: Real Exam Question with Answer & Explanation
The correct answer is A: Grant the basic role roles/viewer and the predefined role roles/compute.admin to the DevOps. roles/viewer gives read only access on Project, so it does not create/update any resources. roles/compute.admin gives full access to Compute Engine resources.
Question
The DevOps group in your organization needs full control of Compute Engine resources in your development project. However, they should not have permission to create or update any other resources in the project. You want to follow Google's recommendations for setting permissions for the DevOps group. What should you do?
Options
- AGrant the basic role roles/viewer and the predefined role roles/compute.admin to the DevOps
- BCreate an IAM policy and grant all compute.instanceAdmin.* permissions to the policy. Attach the
- CCreate a custom role at the folder level and grant all compute.instanceAdmin.* permissions to the
- DGrant the basic role roles/editor to the DevOps group.
Explanation
roles/viewer gives read only access on Project, so it does not create/update any resources. roles/compute.admin gives full access to Compute Engine resources.
Community Discussion
No community discussion yet for this question.