Practice Test 2 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test
You are a project owner in a GCP organization. You have been tasked with the assigning groups IAM permissions based on their responsibilities. You need to give permissions to your to the group managing the Interconnect connections. Following the principle of least privilege, which of the following roles would assign?
A. predefined roles/networkmanagement.admin.
B. predefined roles/compute.networkAdmin.
C. custom roles with compute.Interconnect* permissions attached.
D. custom roles with roles/compute.networkUser.
Answer: C
Options A, B are incorrect because they give more permissions than is required. It does not follow the principle of least privilege.
Option C is correct because it has just the permissions to manage the interconnect.
Option D is incorrect because roles/compute.networkUser is a predefined role and has excessive permission for the tasks specified.
See https://cloud.google.com/iam/docs/understanding-roles#compute-engine-roles to see the permissions in the compute engine roles.
Comments are closed, but trackbacks and pingbacks are open.