Topic 1 Question 235
The DevOps group in your organization needs full control of Compute Engine resources in your development project. However, they should not have permission to create or update any other resources in the project. You want to follow Google’s recommendations for setting permissions for the DevOps group. What should you do?
A. Grant the basic role roles/viewer and the predefined role roles/compute.admin to the DevOps group.
B. Create an IAM policy and grant all compute.instanceAdmin.* permissions to the policy. Attach the policy to the DevOps group.
C. Create a custom role at the folder level and grant all compute.instanceAdmin.* permissions to the role. Grant the custom role to the DevOps group.
D. Grant the basic role roles/editor to the DevOps group.
Comments (17)
Answer is C.
- The DevOps group needs full control of Compute Engine resources in your development project. --> So, we grant permissions to create and update Compute Engine instances and their related resources, such as disks, images, and snapshots.
A// Create a custom role at the folder level and grant all compute.instanceAdmin.* permissions to the role.
- They should not have permission to create or update any other resources in the project. --> We do not grant permissions to create or update any other resources in the project, such as Cloud Storage buckets, Cloud Functions, or BigQuery datasets.
A// Grant the custom role to the DevOps group.
👍 6 carlalap 2023/11/16
Selected answer: A
Answer is A. roles/viewer gives read only access on Project, so it does not create/update any resources. roles/compute.admin gives full access to Compute Engine resources.
👍 5 VijKall 2023/11/02
Selected answer: A
Compute Admin (roles/compute.admin) = Full control of all Compute Engine resources. The only permission to have full control of Compute Engine Resources (as required in question) ref: https://cloud.google.com/iam/docs/understanding-roles#compute.admin
Compute.instanceAdmin does NOT allow FULL control of Compute Engine, only Permissions to create, modify, and delete virtual machine instances. This includes permissions to create, modify, and delete disks, and also to configure Shielded VM settings.
👍 3 NoCrapEva 2023/09/06
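An added example, not part of the original page or its comments: a small audit that compares the roles actually bound to the DevOps group in a project IAM policy with the roles/viewer plus roles/compute.admin grant discussed above, and flags any write-capable basic role such as roles/editor. The group address, the sample policy and the function names are assumptions made for illustration.

```python
import json

# Basic roles that grant write access across every service in a project.
BROAD_BASIC_ROLES = {"roles/editor", "roles/owner"}

# Grant described in the comments above (role names taken from the page).
EXPECTED_ROLES = {"roles/viewer", "roles/compute.admin"}

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
# The group address and the extra roles/editor binding are made up.
DEVOPS_GROUP = "group:devops@example.com"
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/compute.admin", "members": ["group:devops@example.com"]},
    {"role": "roles/viewer",
     "members": ["group:devops@example.com", "user:auditor@example.com"]},
    {"role": "roles/editor", "members": ["group:devops@example.com"]}
  ]
}
""")


def roles_for_member(policy, member):
    """Return the set of roles bound directly to `member` in this policy."""
    return {
        binding["role"]
        for binding in policy.get("bindings", [])
        if member in binding.get("members", [])
    }


def audit_member(policy, member, expected=EXPECTED_ROLES):
    """Compare a member's project-level roles with the expected set.

    Only bindings in the supplied policy are seen; roles inherited from a
    folder or organization need those policies checked separately.
    """
    granted = roles_for_member(policy, member)
    return {
        "missing": sorted(expected - granted),
        "unexpected": sorted(granted - expected),
        "broad_basic": sorted(granted & BROAD_BASIC_ROLES),
    }


if __name__ == "__main__":
    print(json.dumps(audit_member(SAMPLE_POLICY, DEVOPS_GROUP), indent=2))
```

An empty result in all three lists means the group holds exactly the expected roles at project level.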