PROFESSIONAL-CLOUD-DEVOPS-ENGINEER Question #174: Real Exam Question with Answer & Explanation

Question

You are developing a strategy for monitoring your Google Cloud Platform (GCP) projects in production using Stackdriver Workspaces. One of the requirements is to be able to quickly identify and react to production environment issues without false alerts from development and staging projects. You want to ensure that you adhere to the principle of least privilege when providing relevant team members with access to Stackdriver Workspaces. What should you do?

Options

• AGrant relevant team members read access to all GCP production projects. Create Stackdriver
• BGrant relevant team members the Project Viewer IAM role on all GCP production projects. Create
• CChoose an existing GCP production project to host the monitoring workspace. Attach the
• DCreate a new GCP monitoring project and create a Stackdriver Workspace inside it. Attach the

Explanation

Creating a dedicated GCP monitoring project with its own Cloud Monitoring workspace and attaching only production projects to it is the cleanest approach for several reasons: it separates monitoring concerns from application projects, prevents false alerts from dev/staging (since those are not attached), and allows you to grant relevant team members access only to the monitoring project rather than to every production project directly - adhering to least privilege. Options A and B grant broad access to all production projects, which violates least privilege. Option C repurposes an existing production project as the monitoring host, mixing concerns and complicating access control.

No community discussion yet for this question.