
Answer-first summary for fast verification
Answer: Review the IAM permissions for every role that grants data access to identify users with read permissions.
The correct answer is **D** because reviewing IAM permissions is essential to determine who has read access to data in the production GCP project. IAM provides detailed access control and permission management for GCP resources, making it the most direct method to identify users with data access.

- **A** is incorrect as creating a Data Loss Prevention job focuses on detecting and protecting sensitive data rather than identifying who can access it.
- **B** is incorrect because Identity-Aware Proxy settings are not universally applicable across all services (e.g., Cloud Storage) and do not provide a comprehensive view of data access permissions.
- **C** is incorrect because enabling Audit Logs records activities but does not directly show who has access to the data.

For more information, visit: [Google Cloud IAM Documentation](https://cloud.google.com/compute/docs/access).
Author: LeetQuiz Editorial Team
During a mock audit of your GCP environment at a large fin-tech company, your security team asks who can access data stored in the production GCP project. What is the most appropriate action to take?
- **A.** Create a Data Loss Prevention job to identify sensitive data access.
- **B.** Examine the Identity-Aware Proxy settings for each resource to understand access controls.
- **C.** Enable Audit Logs for all APIs related to data storage to track activities.
- **D.** Review the IAM permissions for every role that grants data access to identify users with read permissions.