Google Associate Cloud Engineer
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
Your Cryptocurrency trading website's production environment is undergoing an external security audit. An Organization Policy named 'Domain Restricted Sharing' is applied at the organization node, restricting access to the GCP organization to only members of the organization’s Cloud Identity domain. The auditor requires view-only access to the project's resources. How would you grant this access?
Explanation:
Option A is incorrect because the domain restriction policy prevents the auditor from using their own Google account. Granting the Viewer role to the Auditor’s Google account would also provide unnecessary access, as it allows viewing and potential editing of resources. Option B is incorrect for similar reasons; the Security Reviewer role grants access to review security configurations, which exceeds the auditor's needs. Option C is correct because it involves creating a temporary account within the organization's domain and assigning the Viewer role, ensuring the auditor can view resources without editing capabilities. Option D is incorrect as the Security Reviewer role is overly permissive for the auditor's requirements.