Answer-first summary for fast verification
Answer: Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.
The networking team needs to read firewall rules without the ability to create, modify, or delete them, and also needs to manage networking resources. The compute.networkUser role (A) does not provide the necessary permissions to manage networking resources. The compute.networkAdmin role (B) includes permissions to modify firewall rules, which exceeds the requirements. The compute.networkViewer role (D) with an added compute.networks.use permission does not provide the necessary permissions to manage networking resources. A custom role (C) with compute.networks.* for full network management and compute.firewalls.list for read-only access to firewall rules perfectly matches the requirements.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
What is the recommended approach to configure IAM permissions for the networking team, allowing them read-only access to firewall rules while preventing creation, modification, or deletion privileges, given that firewall management is handled by a separate security team?
A
Assign members of the networking team the compute.networkUser role.
B
Assign members of the networking team the compute.networkAdmin role.
C
Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.
D
Assign members of the networking team the compute.networkViewer role, and add the compute.networks.use permission.
No comments yet.