Answer-first summary for fast verification
Answer: 1. Create a custom role with only the required permissions. 2. Grant the DevOps team the custom role on the production projects.
Option C is correct because creating a custom role with precisely the necessary permissions and assigning it to the DevOps team specifically on production projects adheres to the principle of least privilege. This approach ensures the team has the access they need without exposing the organization to unnecessary security risks. Options A and B are incorrect as they grant overly broad permissions (the Project Editor role) either at the project or organizational level, which could lead to security vulnerabilities. Option D is incorrect because applying the custom role at the organizational level would grant the DevOps team access to all projects, including non-production ones, which is not required. This method is not aligned with the principle of least privilege and could introduce security risks.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
At a large analytics company providing machine-learning services, the DevOps team requires access to all production services across multiple GCP projects to perform their duties efficiently. The goal is to grant them permissions without unnecessarily broadening their access due to future Google Cloud product changes. What is the Google-recommended practice for this scenario?
A
For every production project, provide all members of the DevOps team with the Project Editor role.
B
At the organizational level, provide all members of the DevOps team with the Project Editor role.
C
D
No comments yet.