Examtopics

Professional Cloud Security Engineer

70
72

Topic 1 Question 71
You will create a new Service Account that should be able to list the Compute Engine instances in the project. You want to follow Google-recommended practices. What should you do?
- Create an Instance Template, and allow the Service Account Read Only access for the Compute Engine Access Scope.
- Create a custom role with the permission compute.instances.list and grant the Service Account this role.
- Give the Service Account the role of Compute Viewer, and use the new Service Account for all instances.
- Give the Service Account the role of Project Viewer, and use the new Service Account for all instances.
ユーザの投票
コメント(15)
- B, https://cloud.google.com/compute/docs/access/iam
  
  👍 15
  MohitA2020/09/02
- I think C is good
  
  👍 4
  [Removed]2021/04/13
- B. The only option that adheres to the principle of least privilege and meets question requirements is B
  
  👍 4
  sudarchary2022/01/26
シャッフルモード

70
72