Topic 1 Question 108
You are the Organization Admin for your company. One of your engineers is responsible for setting up multiple host projects across multiple folders and sharing subnets with service projects. You need to enable the engineer's Identity and Access Management (IAM) configuration to complete their task in the fewest number of steps. What should you do?
A. Set up the engineer with Compute Shared VPC Admin IAM role at the folder level.
B. Set up the engineer with Compute Shared VPC Admin IAM role at the organization level.
C. Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the folder level.
D. Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the organization level.
Comments (8)
- Selected answer: B
I'm not 100% sure about this question.
For me, this question is about Shared VPC. Go to the documentation: https://cloud.google.com/vpc/docs/shared-vpc
"Implement a security best practice of least privilege for network administration, auditing, and access control. Shared VPC Admins can delegate network administration tasks to Network and Security Admins in the Shared VPC network without allowing Service Project Admins"
Following the recommendation above, it can't be letter C or D, definitely.
So it can be A or B. But the question says:
"across multiple folders" and "task in the fewest number of steps"
If we go with letter A, this configuration can't be completed in the fewest steps, principally if we have 100 folders.
In my opinion it is letter B; this is a personal opinion.
👍 7 ccieman2016 2022/12/02
- Selected answer: B
Correct answer - B, Compute Shared VPC Admin (compute.xpnAdmin) at org level, since we need to manage N host projects in different folders.
👍 3 pfilourenco 2022/12/09
This is the most appropriate role. C. Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the folder level
👍 1 AzureDP900 2022/11/30