
Answer-first summary for fast verification
Answer: Assign the auditors group to the predefined IAM roles 'logging.viewer' and 'bigQuery.dataViewer'.
Option A is correct because it aligns with Google's best practices of grouping individuals with similar permission needs and assigning roles to the group rather than individual users. The 'logging.viewer' and 'bigQuery.dataViewer' roles provide auditors with the necessary access to perform their tasks without granting excessive permissions. Option B is incorrect as the project editor role is overly permissive for auditors, granting unnecessary access to project resources. Option C is less ideal than A because managing permissions at the individual level is more cumbersome and less scalable than using groups. Option D is incorrect for the same reasons as B, plus it suffers from the same individual management issues as C. For more information, refer to Google's documentation on IAM roles and access management.
Author: LeetQuiz Editorial Team
Your application handles sensitive financial customer data requiring external audits. To enable these audits, you need to set up IAM access audit logging in BigQuery according to Google's best practices. What is the recommended approach?
A. Assign the auditors group to the predefined IAM roles 'logging.viewer' and 'bigQuery.dataViewer'.
B. Grant the auditors group the role of project editor.
C. Directly assign auditor user accounts to the predefined IAM roles 'logging.viewer' and 'bigQuery.dataViewer'.
D. Directly assign auditor user accounts the role of project editor.