
Google Associate Cloud Engineer
Your customer is transitioning their corporate applications to Google Cloud Platform. The security team requires comprehensive visibility across all projects within the organization. After setting up Google Cloud Resource Manager and assigning yourself as the org admin, which Google Cloud Identity and Access Management (Cloud IAM) roles should you assign to the security team?
Explanation:
The correct answer is D because the security team needs visibility into the projects without unnecessary privileges, aligning with the principle of least privilege. The 'Org viewer' role provides visibility at the organization level, while 'project viewer' offers the same at the project level.
- Option A is incorrect because 'Org admin' grants excessive privileges beyond what's needed for visibility.
- Option B is incorrect as it includes roles ('Project owner' and 'network admin') that provide more access than necessary for visibility purposes.
- Option C is incorrect because 'project owner' grants more privileges than required, violating the least privilege principle.
For more details, refer to the GCP documentation on Organization & Project access control.