Answer-first summary for fast verification
Answer: Utilize predefined IAM roles for Cloud Storage and BigQuery that match the required access levels. Assign users to these roles based on their access needs for each service.
The correct answer is **B** because Google recommends using predefined IAM roles over custom or primitive roles for finer-grained access control. Predefined roles are designed to provide the least privilege necessary for specific services, enhancing security and compliance. - **Primitive roles** (Owner, Editor, Viewer) offer broad permissions and are less secure for specific access needs. - **Custom roles** should only be created if predefined roles do not meet the specific requirements. Options A and C suggest using primitive roles at different levels, which is not recommended for fine-grained access control. Option D proposes creating custom roles, which is unnecessary when predefined roles are available and suitable.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You have data stored in both Cloud Storage and BigQuery datasets within Google Cloud Platform. Your goal is to secure this data by implementing three distinct access levels: administrator, read/write, and read-only, adhering to Google's recommended practices. What is the best approach to achieve this?
A
At the Project level, assign the Owner role to administrator accounts, the Editor role to read/write accounts, and the Viewer role to read-only accounts.
B
Utilize predefined IAM roles for Cloud Storage and BigQuery that match the required access levels. Assign users to these roles based on their access needs for each service.
C
At the Organization level, grant the Owner role to administrator accounts, the Editor role to read/write accounts, and the Viewer role to read-only accounts.
D
Develop three custom IAM roles with tailored policies for the necessary access levels in Cloud Storage and BigQuery. Then, assign users to the appropriate custom roles.
No comments yet.