You've been tasked with adding a new IAM member and granting them the necessary permissions to run queries on BigQuery. Adhering to Google's recommended best practices and the principle of least privilege, how would you assign the access?

Real Exam

Assign roles/bigquery.dataViewer and roles/bigquery.jobUser roles directly to the users

10.0%

Create a custom role combining roles/bigquery.dataViewer and roles/bigquery.jobUser; assign this custom role to the users

15.0%

Assign roles/bigquery.dataViewer and roles/bigquery.jobUser roles to a group; then add users to this group

55.0%

Create a custom role combining roles/bigquery.dataViewer and roles/bigquery.jobUser; assign this custom role to a group; then add users to this group

20.0%

Google Associate Cloud Engineer