Topic 1 Question 172
You're developing the incident response plan for your company. You need to define the access strategy that your DevOps team will use when reviewing and investigating a deployment issue in your Google Cloud environment. There are two main requirements:
- Least-privilege access must be enforced at all times.
- The DevOps team must be able to access the required resources only during the deployment issue.
How should you grant access while following Google-recommended best practices?
A. Assign the Project Viewer Identity and Access Management (IAM) role to the DevOps team.
B. Create a custom IAM role with limited list/view permissions, and assign it to the DevOps team.
C. Create a service account, and grant it the Project Owner IAM role. Give the Service Account User Role on this service account to the DevOps team.
D. Create a service account, and grant it limited list/view permissions. Give the Service Account User Role on this service account to the DevOps team.
Comments (6)
I think the answer should be D. Option B gives them "Always On" permissions but the question asks for "Just in time" permissions. So, this is possible only with a Service Account. Once the incident response team resolves the issue, the service account key can be disabled.
👍 11 Baburao 2022/09/03 - Option chosen as correct: D
answer should be D
👍 3 GHOST1985 2022/09/15 - Option chosen as correct: D
D. Create a service account, and grant it limited list/view permissions. Give the Service Account User Role on this service account to the DevOps team.
👍 3 AwesomeGCP 2022/10/08