A new intern has joined your team and requires access to Google Compute Engine within your sandbox project to experiment with various settings and launch compute instances for testing purposes. You are tasked with providing this access. What is the most appropriate way to grant the intern access to Compute Engine without exceeding the necessary permissions?

Real Exam

Explanation:

The correct answer is to Grant Compute Engine Instance Admin Role for the sandbox project. This role provides the intern with full control over Compute Engine instances, instance groups, disks, snapshots, and images, along with read access to all Compute Engine networking resources, without granting unnecessary permissions.

Option A (Create a shared VPC) is incorrect because shared VPCs are designed for connecting resources across multiple projects within a common network, not for granting individual access to compute resources.
Option B (Grant Project Editor IAM role) is too permissive, as it allows the intern to modify any resource within the project, exceeding the required access level.
Option C (Grant Compute Engine Admin Role) also provides more permissions than needed, including control over networks and load balancing, which are not required for the intern's tasks.

For more details, refer to the Google Cloud IAM documentation.

Powered ByGPT-5

Google Associate Cloud Engineer

Get started today

Google Associate Cloud Engineer

Get started today