Answer-first summary for fast verification
Answer: Assign the auditor with the built-in project viewer role.
The correct answer is **C** because the built-in project viewer role provides the auditor with read-only access to all project resources, which is exactly what they need to perform their audit without the risk of making any modifications. Options **A** and **D** are incorrect because the service viewer role does not provide project-wide view access, and creating custom roles is unnecessary when predefined roles meet the requirements. Option **B** is incorrect because it suggests creating a custom role with view-only project permissions, which is redundant since the built-in project viewer role already fulfills this need. For more information, refer to the [GCP IAM documentation](https://cloud.google.com/iam/docs/understanding-roles).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your organization has engaged a third-party company to conduct an audit on Google Cloud Platform (GCP) resources. The auditor, provided with a GSuite ID by your organization, requires read-only access to all project items to fulfill their duties. What is the most appropriate way to configure the auditor's permissions?
A
Assign the auditor with the built-in service viewer role.
B
Create a custom role with view-only project permissions and assign it to the auditor.
C
Assign the auditor with the built-in project viewer role.
D
Create a custom role with view-only service permissions and assign it to the auditor.