Answer-first summary for fast verification
Answer: Assign Bob the Compute Engine Instance Admin Role for Project A.
The correct answer is **A** because the Compute Engine Instance Admin Role provides Bob with the exact permissions needed to create instances without granting unnecessary additional access. This aligns with the principle of least privilege. Options **B** and **D** are incorrect as they provide more permissions than required. Option **C** is also incorrect because a shared VPC does not inherently grant permissions to create instances. For more details, refer to the GCP documentation on Compute IAM roles: `roles/compute.instanceAdmin.v1` and `roles/compute.admin`.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
To adhere to the principle of least privilege, your colleague Bob requires the ability to create new instances on Compute Engine within 'Project A'. What is the most appropriate way to grant him access without exceeding the necessary permissions?
A
Assign Bob the Compute Engine Instance Admin Role for Project A.
B
Assign Bob the Compute Engine Admin Role for Project A.
C
Establish a shared VPC that allows Bob to access Compute resources.
D
Grant Bob the Project Editor IAM role for Project A.
No comments yet.