
Answer-first summary for fast verification
Answer: Use Policy Analyzer to query the permissions compute.firewalls.create or compute.firewalls.update or compute.firewalls.delete.
The question asks to identify principals who can change firewall rules, which means identifying users with permissions to create, update, or delete firewall rules. Option D directly addresses this by using Policy Analyzer to query the specific permissions compute.firewalls.create, compute.firewalls.update, and compute.firewalls.delete. This approach precisely targets the required permissions for modifying firewall rules. The community discussion shows 100% consensus on D, with multiple comments explaining that Policy Analyzer is the correct tool for analyzing IAM permissions and identifying principals with specific permissions.

Option A queries read-only permissions (get/list), which doesn't identify who can change rules. Option B (Firewall Insights) focuses on usage patterns, not permission analysis. Option C (Security Health Analytics) identifies vulnerabilities in existing firewall configurations, not who can modify them.
Author: LeetQuiz Editorial Team
You are auditing all Google Cloud resources in your production project and need to identify all principals with permissions to modify firewall rules. What should you do?
A. Use Policy Analyzer to query the permissions compute.firewalls.get or compute.firewalls.list.
B. Use Firewall Insights to understand your firewall rules usage patterns.
C. Reference the Security Health Analytics – Firewall Vulnerability Findings in the Security Command Center.
D. Use Policy Analyzer to query the permissions compute.firewalls.create or compute.firewalls.update or compute.firewalls.delete.