Topic 1 Question 232
Your organization uses the top-tier folder to separate application environments (prod and dev). The developers need to see all application development audit logs, but they are not permitted to review production logs. Your security team can review all logs in production and development environments. You must grant Identity and Access Management (IAM) roles at the right resource level for the developers and security team while you ensure least privilege.
What should you do?
- Grant logging.viewer role to the security team at the organization resource level.
- Grant logging.viewer role to the developer team at the folder resource level that contains all the dev projects.
- Grant logging.viewer role to the security team at the organization resource level.
- Grant logging.admin role to the developer team at the organization resource level.
- Grant logging.admin role to the security team at the organization resource level.
- Grant logging.viewer role to the developer team at the folder resource level that contains all the dev projects.
- Grant logging.admin role to the security team at the organization resource level.
- Grant logging.admin role to the developer team at the organization resource level.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: A
Grant logging.viewer role to the security team at the organization resource level. This allows the security team to view all logs in both production and development environments. Grant logging.viewer role to the developer team at the folder resource level that contains all the dev projects. This allows the developers to view all application development audit logs, but not the production logs, ensuring least privilege.
👍 1MisterHairy2023/11/21 A is correct , least privilege access.
👍 1ale1832023/11/21
シャッフルモード