Answer-first summary for fast verification
Answer: Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.
The correct answer is C. Given that the security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain, sharing resources with accounts outside your Cloud Identity domain isn't allowed. Therefore, options A and B, which involve using the auditor's Google account, aren't feasible. Creating a temporary account for the auditor within your Cloud Identity domain and giving that account the Viewer role on the project ensures that the auditor can view but not modify the resources.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your management has requested an external auditor to review all resources within a designated project in your Google Cloud environment. To ensure security, the security team has implemented the Domain Restricted Sharing Organization Policy at the organization level, limiting access to only users within your Cloud Identity domain. Your goal is to configure access such that the auditor can only view the resources in the specified project without having the ability to modify them. What action should you take?
A
Ask the auditor for their Google account, and give them the Viewer role on the project.
B
Ask the auditor for their Google account, and give them the Security Reviewer role on the project.
C
Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.
D
Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.
No comments yet.