Topic 9 Question 43
Which of these is not a principle you should apply when setting roles and permissions?
Whenever possible, assign roles to groups instead of to individuals.
Grant users the appropriate permissions to facilitate least privilege
Whenever possible, assign primitive roles rather than predefined roles.
Audit all policy changes by checking the Cloud Audit Logs.
解説
Predefined roles provide more granular access than the primitive roles. Grant predefined roles to identities when possible, so you only give the least amount of access necessary to access your resources. Reference: https://cloud.google.com/iam/docs/using-iam-securely
コメント(5)
Final Decision to go with Option C
👍 8AD2AD42020/05/28For security-critical resources, avoid primitive roles
👍 5mpguard2020/02/15C is the answer!
👍 3misho2020/06/02
シャッフルモード