
Answer-first summary for fast verification
Answer: Assign the roles/logging.privateLogViewer role to a group with all the security team members.
The principle of least privilege recommends giving users only the permissions they need to perform their tasks. In this scenario, the security team needs read-only access to Data Access audit logs in the _Required bucket. The roles/logging.privateLogViewer role is specifically designed for viewing logs, including Data Access audit logs, making it the most appropriate choice. Assigning this role to a group that includes all security team members (Option D) is more efficient and scalable than assigning the role to each member individually (Option C). Options A and B suggest using the roles/logging.viewer role, which provides broader permissions than necessary for this specific requirement, thus not adhering to the principle of least privilege.
Author: LeetQuiz Editorial Team
To grant your company's security team read-only access to Data Access audit logs in the _Required bucket while adhering to the principle of least privilege and Google-recommended practices, what steps should you take?
A. Assign the roles/logging.viewer role to each member of the security team.
B. Assign the roles/logging.viewer role to a group with all the security team members.
C. Assign the roles/logging.privateLogViewer role to each member of the security team.
D. Assign the roles/logging.privateLogViewer role to a group with all the security team members.