Topic 1 Question 111

Associate Cloud Engineer

Topic 1 Question 111
Your management has asked an external auditor to review all the resources in a specific project. The security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?
- Ask the auditor for their Google account, and give them the Viewer role on the project.
- Ask the auditor for their Google account, and give them the Security Reviewer role on the project.
- Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.
- Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.
ユーザの投票
コメント(17)
- C - https://cloud.google.com/iam/docs/roles-audit-logging#scenario_external_auditors
  
  👍 47
  dan802020/06/08
- Correct Answer is (C):
  
  roles/viewer Read access to all resources. Get and list access for all resources.
  
  Using primitive roles The following table lists the primitive roles that you can grant to access a project, the description of what the role does, and the permissions bundled within that role. Avoid using primitive roles except when absolutely necessary. These roles are very powerful, and include a large number of permissions across all Google Cloud services. For more details on when you should use primitive roles, see the Identity and Access Management FAQ.
  
  IAM predefined roles are much more granular, and allow you to carefully manage the set of permissions that your users have access to. See Understanding Roles for a list of roles that can be granted at the project level. Creating custom roles can further increase the control you have over user permissions.
  
  https://cloud.google.com/resource-manager/docs/access-control-proj#using_primitive_roles
  
  👍 19
  ESP_SAP2020/08/20
- Easy - C
  
  Domain Retricted Sharing is on ( restrict the set of identities that are allowed to be used in Identity and Access Management policies) which takes out A/B of the equation.
  
  Easy choice between C/D
  
  👍 3
  meh0092021/04/22
シャッフルモード

ユーザの投票

コメント(17)