Google Professional Cloud DevOps Engineer
Get started today
Ultimate access to all questions.
Your team is designing a Cloud Monitoring workspace to oversee multiple projects. To adhere to the principle of least privilege, which role should be assigned to the Compute Engine instances' service account for sending metric data to Cloud Monitoring?
Your team is designing a Cloud Monitoring workspace to oversee multiple projects. To adhere to the principle of least privilege, which role should be assigned to the Compute Engine instances' service account for sending metric data to Cloud Monitoring?
Real Exam
Explanation:
The correct answer is Monitoring Metric Writer, as it provides the necessary permissions for writing metrics to Cloud Monitoring without granting excessive access. Other options like Monitoring Admin and Logging Admin offer more permissions than needed, while Logs Configuration Writer is specific to Cloud Logging access. Reference: Control access with IAM.