Ultimate access to all questions.
Upgrade Now 🚀
Sign in to unlock AI tutor
Your organization is implementing separation of duties in a Google Cloud project. A group of developers needs to deploy new code but must not have permissions to modify network firewall rules. What should you do?
A
Assign the network administrator IAM role to all developers. Tell developers not to change firewall settings.
B
Use Access Context Manager to create conditions that allow only authorized administrators to change firewall rules based on attributes such as IP address or device security posture.
C
Create and assign two custom IAM roles. Assign the deployer role to control Compute Engine and deployment-related permissions. Assign the network administrator role to manage firewall permissions.
D
Grant the editor IAM role to the developer group. Explicitly negate any firewall modification permissions by using IAM deny policies.
