nerdexam
Google

PROFESSIONAL-CLOUD-DEVELOPER · Question #311

You work for an ecommerce company, and you are responsible for deploying and managing multiple APIs. The operations team wants to review the traffic patterns in the orders-prod and users-prod environm

The correct answer is B. Assign the Apigee Analytics Viewer IAM role to the operations team for both environments. Use. The correct answer is B because it follows two Google-recommended IAM best practices: (1) Use the Apigee Analytics Viewer role, which grants least-privilege access specifically for viewing analytics data - not the broader Apigee API Reader role used in options C and D. (2) Assign

Implementing API Security

Question

You work for an ecommerce company, and you are responsible for deploying and managing multiple APIs. The operations team wants to review the traffic patterns in the orders-prod and users-prod environments. These are the only environments in the store-prod environment group. You want to follow Google-recommended practices. What should you do?

Options

  • AAssign the Apigee Analytics Viewer IAM role to the operations team for both environments. Use
  • BAssign the Apigee Analytics Viewer IAM role to the operations team for both environments. Use
  • CAssign the Apigee API Reader IAM role to each user of the operations team for both
  • DAssign the Apigee API Reader IAM role to each user of the operations team for both

How the community answered

(32 responses)
  • A
    3% (1)
  • B
    84% (27)
  • C
    9% (3)
  • D
    3% (1)

Explanation

The correct answer is B because it follows two Google-recommended IAM best practices: (1) Use the Apigee Analytics Viewer role, which grants least-privilege access specifically for viewing analytics data - not the broader Apigee API Reader role used in options C and D. (2) Assign the role to a Google Group representing the operations team rather than to each individual user. Managing access via groups reduces administrative overhead: when team members join or leave, you only update group membership rather than re-managing IAM bindings per person. Option A likely assigns the correct role but to individual users (violating the group best practice), while C and D use the wrong role (Apigee API Reader is for reading API configurations, not analytics data).

Topics

#Apigee X#IAM Roles#API Analytics#Access Control

Community Discussion

No community discussion yet for this question.

Full PROFESSIONAL-CLOUD-DEVELOPER Practice