Topic 1 Question 131
2 つ選択As your organization expands its usage of GCP, many teams have started to create their own projects. Projects are further multiplied to accommodate different stages of deployments and target audiences. Each project requires unique access control configurations. The central IT team needs to have access to all projects. Furthermore, data from Cloud Storage buckets and BigQuery datasets must be shared for use in other projects in an ad hoc way. You want to simplify access control management by minimizing the number of policies. Which two steps should you take?
Use Cloud Deployment Manager to automate access provision.
Introduce resource hierarchy to leverage access control policy inheritance.
Create distinct groups for various teams, and specify groups in Cloud IAM policies.
Only use service accounts when sharing data for Cloud Storage buckets and BigQuery datasets.
For each Cloud Storage bucket or BigQuery dataset, decide which projects need access. Find all the active members who have access to these projects, and create a Cloud IAM policy to grant access to all these users.
ユーザの投票
コメント(17)
Answer: B, C Description: Google suggests that we should provide access by following google hierarchy and groups for users with similar roles
👍 31[Removed]2020/03/28C is one option for sure, also C eliminates B as C includes groups and teams hierarchy, A can be eliminated as A talks about only deployment. From Remaining D and E, i find E most relevant to question--as E matches users with teams/groups and projects. Answer C and E.
👍 19AJKumar2020/06/22Answer:- C, D C is used as best practice to create group and assign IAM roles D "data from Cloud Storage buckets and BigQuery datasets must be shared for use in other projects in an ad hoc way" is mentioned in question. When 2 project communicate, service account should be used
👍 9hellofrnds2021/10/01
シャッフルモード