You are developing an incident response plan and need to define an access strategy for your DevOps team to investigate a deployment issue in Google Cloud. The strategy must adhere to two requirements:

Enforce least-privilege access at all times.

The DevOps team can only access required resources during the deployment incident.

How should you grant access while following Google-recommended best practices?

Exam-Like

Assign the Project Viewer Identity and Access Management (IAM) role to the DevOps team.

Create a custom IAM role with limited list/view permissions, and assign it to the DevOps team.

Create a service account, and grant it the Project Owner IAM role. Give the Service Account User Role on this service account to the DevOps team.

Create a service account, and grant it limited list/view permissions. Give the Service Account User Role on this service account to the DevOps team.

Google Professional Cloud Security Engineer