Topic 1 Question 301
Your organization is implementing separation of duties in a Google Cloud project. A group of developers must deploy new code, but cannot have permission to change network firewall rules. What should you do?
Assign the network administrator IAM role to all developers. Tell developers not to change firewall settings.
Use Access Context Manager to create conditions that allow only authorized administrators to change firewall rules based on attributes such as IP address or device security posture.
Create and assign two custom IAM roles. Assign the deployer role to control Compute Engine and deployment-related permissions. Assign the network administrator role to manage firewall permissions.
Grant the editor IAM role to the developer group. Explicitly negate any firewall modification permissions by using IAM deny policies.
ユーザの投票
コメント(2)
C - Custom Roles: Creating custom IAM roles allows you to define granular permissions, ensuring that developers only have the necessary access to deploy new code. Separation of Duties: By assigning the deployer role to control Compute Engine and deployment-related permissions, while assigning the network administrator role to manage firewall permissions, you effectively enforce separation of duties. This reduces the risk of unauthorized access or malicious activities. Granular Control: Custom roles provide more granular control over permissions compared to pre-defined roles, allowing you to tailor access to specific tasks.
👍 2abdelrahman892024/10/04- 正解だと思う選択肢: C
It's C.
👍 1json4u2024/10/15
シャッフルモード