Answer-first summary for fast verification
Answer: Assign Bob the Compute Engine Instance Admin Role for Project A.
The correct answer is **A** because it aligns with the principle of least privilege by providing Bob only the permissions necessary to create instances, through the Compute Engine Instance Admin Role. Options **B** and **D** are incorrect as they grant broader permissions than needed. Option **C** is also incorrect because a shared VPC does not inherently provide the ability to create instances. For more details, refer to the GCP documentation on Compute IAM roles: `roles/compute.instanceAdmin.v1` and `roles/compute.admin`.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
To adhere to the principle of least privilege, your colleague Bob requires the ability to create new instances on Compute Engine in 'Project A'. What is the most appropriate way to grant him access without exceeding the necessary permissions?
A
Assign Bob the Compute Engine Instance Admin Role for Project A.
B
Assign Bob the Compute Engine Admin Role for Project A.
C
Establish a shared VPC for Bob to access Compute resources from.
D
Grant Bob the Project Editor IAM role for Project A.
No comments yet.