Answer-first summary for fast verification
Answer: 1. Create a temporary account for the auditor within Cloud Identity. 2. Assign the Viewer role on the project to this account.
Option A is incorrect because the domain restriction policy prevents the auditor from using their own Google account. Granting the Viewer role to the Auditor’s Google account would also provide unnecessary access, as it allows viewing and potential editing of resources. Option B is incorrect for similar reasons; the Security Reviewer role grants access to review security configurations, which exceeds the auditor's needs. Option C is correct because it involves creating a temporary account within the organization's domain and assigning the Viewer role, ensuring the auditor can view resources without editing capabilities. Option D is incorrect as the Security Reviewer role is overly permissive for the auditor's requirements.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your Cryptocurrency trading website's production environment is undergoing an external security audit. An Organization Policy named 'Domain Restricted Sharing' is applied at the organization node, restricting access to the GCP organization to only members of the organization’s Cloud Identity domain. The auditor requires view-only access to the project's resources. How would you grant this access?
A
Assign the Viewer role on the project to the Auditor’s Google account.
B
Assign the Security Reviewer role on the project to the auditor’s Google account.
C
D
No comments yet.