Google Exam Associate-Cloud-Engineer Topic 6 Question 71 Discussion

Actual exam question for Google's Google Associate Cloud Engineer exam

Question #: 71
Topic #: 6

[All Google Associate Cloud Engineer Questions]

An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google-recommended practices when you grant the required permissions to this user. What should you do?

ACreate a custom role, and add all the required compute.disks.list and compute, images.list permissions as includedPermissions. Grant the custom role to the user at the project level.

BCreate a custom role based on the Compute Image User role Add the compute.disks, list to the
includedPermissions field Grant the custom role to the user at the project level

CGrant the Compute Storage Admin role at the project level.

DCreate a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.

Show Suggested Answer

Suggested Answer: B

by Andra at Oct 21, 2023, 11:10 AM

Limited Time Offer

25%

Off

Get Premium Associate-Cloud-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Xochitl

6 months ago

Yeah, that makes sense. We don't want to give the user more access than they actually require. Gotta keep that principle of least privilege in mind, you know?

upvoted 0 times

...

Malcom

6 months ago

Ah, I see what you mean. Option D sounds like the best choice then - create a custom role based on Compute Storage Admin, but remove any extra permissions that the external user doesn't need.

upvoted 0 times

...

Elbert

6 months ago

I agree, a custom role is the way to go. But I'm not sure if we should be adding all the compute.disks.list and compute.images.list permissions. Maybe we can base it on an existing role and then exclude any unnecessary permissions?

upvoted 0 times

...

Alease

6 months ago

Hmm, this seems like a tricky question. We need to follow the Google-recommended practices, so I think the best approach is to create a custom role with the specific permissions required, rather than just granting a broad admin role.

upvoted 0 times

...