Answer: Navigate to the project and then to the IAM section in the GCP Console to review the members and roles.

Option C is correct because the IAM section in the GCP Console provides a comprehensive list of all users and their assigned roles within the project, which is exactly what the auditors are requesting. IAM (Identity and Access Management) is designed to manage permissions for individuals and groups of users, making it the ideal tool for this task. Option A is incorrect because the command `gcloud iam service-accounts list` lists service accounts, not user-role bindings. Service accounts are used by applications and services for authentication, not for managing user permissions. Option B is incorrect because activity logs track administrative and API activity but do not list IAM users and roles. Option D is incorrect because data access logs track API requests and activity related to data access and modification, not IAM user and role assignments. For more information, refer to the Google Cloud IAM documentation: [https://cloud.google.com/iam](https://cloud.google.com/iam) and [https://cloud.google.com/iam/docs/understanding-roles](https://cloud.google.com/iam/docs/understanding-roles).

Author: LeetQuiz Editorial Team