Google Associate Cloud Engineer

Get started today

Ultimate access to all questions.

Explanation:

The correct answer is D because the security team needs visibility into the projects without unnecessary privileges, aligning with the principle of least privilege. The 'Org viewer' role provides visibility at the organization level, while 'project viewer' offers the same at the project level.

Option A is incorrect because 'Org admin' grants excessive privileges beyond what's needed for visibility.
Option B is incorrect as it includes roles ('Project owner' and 'network admin') that provide more access than necessary for visibility purposes.
Option C is incorrect because 'project owner' grants more privileges than required, violating the least privilege principle.

For more details, refer to the GCP documentation on Organization & Project access control.

Explanation:

Option A is incorrect because 'Org admin' grants excessive privileges beyond what's needed for visibility.
Option B is incorrect as it includes roles ('Project owner' and 'network admin') that provide more access than necessary for visibility purposes.
Option C is incorrect because 'project owner' grants more privileges than required, violating the least privilege principle.

For more details, refer to the GCP documentation on Organization & Project access control.

Comments (0)

No comments yet.

Your customer is transitioning their corporate applications to Google Cloud Platform. The security team requires comprehensive visibility across all projects within the organization. After setting up Google Cloud Resource Manager and assigning yourself as the org admin, which Google Cloud Identity and Access Management (Cloud IAM) roles should you assign to the security team?

Real Exam

Org admin, project browser

17.6%

Project owner, network admin

11.8%

Org viewer, project owner

23.5%

Org viewer, project viewer

47.1%