Topic 1 Question 148
A colleague handed over a Google Cloud Platform project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?
In the console, validate which SSH keys have been stored as project-wide keys.
Navigate to Identity-Aware Proxy and check the permissions for these resources.
Enable Audit Logs on the IAM & admin page for all resources, and validate the results.
Use the command gcloud projects get-iam-policy to view the current role assignments.
Comments (17)
Correct Answer is (D):
A simple approach would be to use the command flags available when listing all the IAM policy for a given project. For instance, the following command:
gcloud projects get-iam-policy $PROJECT_ID --flatten="bindings[].members" --format="table(bindings.members)" --filter="bindings.role:roles/owner"
outputs all the users and service accounts associated with the role ‘roles/owner’ in the project in question.
https://groups.google.com/g/google-cloud-dev/c/Z6sZs7TvygQ?pli=1
👍 39 ESP_SAP 2020/08/21
D: is the answer
👍 13 MohammedGhouse 2020/08/12
I chose D by a process of elimination. Here's my take:
A. There's more than one way to access an instance than just the SSH keys, and SSH keys have nothing to do with Project Owner role.
B. Barking up the wrong tree here, Identity-Aware Proxy is more for remotely accessing resources, rather than Project Owner IAM roles.
C. This will only work if everyone who is a Project Owner accesses the system so you can see them in the logs. What if a Project Owner doesn't access the Project for a while? How long will you wait? Nope.
D. By elimination, this is the best result.
👍 8 obeythefist 2022/02/28
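An added example (not from the original thread or from Google), building on the gcloud command quoted in the first comment: it reads a policy in the shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`, lists every `roles/owner` member with its type and any binding condition, and notes the entries a reviewer would follow up on. The sample policy, the `trusted_domains` value and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `gcloud projects get-iam-policy ... --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "etag": "CONSTRUCTED",
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:alice@example.com", "user:contractor@example.net",
                 "serviceAccount:ci-deployer@sample-project.iam.gserviceaccount.com"]},
    {"role": "roles/owner",
     "members": ["group:platform-admins@example.com"],
     "condition": {"title": "temp-access", "expression": "request.time.getHours() < 18"}},
    {"role": "roles/viewer", "members": ["user:bob@example.org"]}
  ]
}
""")

def owners(policy, role="roles/owner"):
    """Return one record per (member, binding) that holds `role`."""
    rows = []
    for binding in policy.get("bindings", []):
        if binding.get("role") != role:
            continue
        condition = binding.get("condition", {}).get("title")
        for member in binding.get("members", []):
            kind, _, identity = member.partition(":")  # e.g. "user", "alice@example.com"
            rows.append({"kind": kind, "identity": identity, "condition": condition})
    return sorted(rows, key=lambda r: (r["kind"], r["identity"]))

def review_notes(rows, trusted_domains=("example.com",)):
    """Flag owner entries worth a follow-up; trusted_domains is an assumption."""
    notes = []
    for r in rows:
        if r["kind"] == "serviceAccount":
            notes.append(f"{r['identity']}: service account holds owner")
        elif r["kind"] == "group":
            notes.append(f"{r['identity']}: group, review its membership separately")
        elif r["identity"].rsplit("@", 1)[-1] not in trusted_domains:
            notes.append(f"{r['identity']}: outside trusted domains")
    return notes

if __name__ == "__main__":
    for row in owners(SAMPLE_POLICY):
        print(f"{row['kind']:<15}{row['identity']:<60}{row['condition'] or '-'}")
    print("\n".join(review_notes(owners(SAMPLE_POLICY))))
```
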