Explanation:
Option C is the correct answer because it follows Google Cloud security best practices for team-based access to Vertex AI Workbench. It creates a dedicated service account with the Vertex AI User role, which provides necessary permissions for Vertex AI services. Team members are granted the Service Account User role to impersonate this service account, and the Notebook Viewer role allows them to view and run notebooks without modification rights. This approach ensures proper isolation and access control. Option A is incorrect because granting only the Notebook Viewer role to the service account is insufficient for Vertex AI resource access. Option B is not recommended as it uses the default Compute Engine service account, which poses security risks. Option D is suboptimal because it relies on a single user account, which is not scalable and creates security vulnerabilities.
Ultimate access to all questions.
No comments yet.
You are collaborating with your team on a model prototype. You need to create a Vertex AI Workbench environment that is accessible to your team members but restricted from other employees in your project. What should you do?
A
B
C
D