Answer-first summary for fast verification
Answer: Assign the Storage Admin role in the Logging Project to the Cloud Build Service account of the Production Project.
To comply with the security requirement, the Cloud Build Service account from the Production Project must be granted the Storage Admin role in the Logging Project. This permission enables the service account to store logs in the designated bucket. Options C and D are incorrect because the necessary permissions must be applied in the Logging Project, not the Production Project. Option B is insufficient as the Project Viewer role does not provide the necessary permissions for Cloud Build to upload logs. For more details, refer to the [Google Cloud documentation](https://cloud.google.com/build/docs/securing-builds/store-manage-build-logs#store-custom-bucket).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your Site Reliability Engineering (SRE) team is overseeing the Continuous Integration and Continuous Deployment (CI/CD) processes within your organization, utilizing Google Cloud Platform (GCP) Projects to segregate environments. The pipeline integrates Cloud Source Repository, Cloud Build, and Spinnaker. A security mandate requires directing Cloud Build logs from the Production Project to a custom bucket in a dedicated Logging Project. What action should you take to fulfill this requirement?
A
Assign the Storage Admin role in the Logging Project to the Cloud Build Service account of the Production Project.
B
Assign the Project Viewer role in the Logging Project to the Cloud Build Service account of the Production Project.
C
Assign the Storage Admin role in the Production Project to the Cloud Build Service account of the Production Project.
D
Assign the Project Viewer role in the Production Project to the Cloud Build Service account of the Production Project.
No comments yet.