Your company uses Google Workspace. You need to grant a new developer, Alice, the ability to view all resources in your 'production-app' project, but she should not be able to modify anything. You want to follow the principle of least privilege using predefined roles.

What should you do?

Answer options:

Assign Alice the roles/browser role at the organization level.

Assign Alice the roles/viewer role at the project level.

Create a custom role with 'get' and 'list' permissions and assign it to Alice.

Assign Alice the roles/editor role at the project level.

How to approach this question

Identify the requirement: read-only access to all resources using predefined roles.

Full Answer

B.Assign Alice the roles/viewer role at the project level.✓ Correct

The basic Viewer role (`roles/viewer`) provides read-only access to state and metadata for all resources within the project. It is the most appropriate predefined role for someone who needs to view everything but change nothing.

Common mistakes

Selecting custom roles when the scenario explicitly asks for predefined roles.

Question 01 All questions Question 03

Practice the full GCP Associate Cloud Engineer Practice Exam 4

50 questions · hints · full answers · grading

More questions from this exam

Q01You have recently joined a new team and need to set up a new Google Cloud project for a developme...Easy Q03You have created a new GCP project and want to deploy a Compute Engine instance. However, when yo...Medium Q04Your startup has a strict monthly cloud budget of $500. You want to be notified via email when yo...Easy Q05Your finance team wants to analyze Google Cloud costs using standard SQL and build custom dashboa...Medium Q06You have just installed the Google Cloud SDK on your local workstation. You need to authenticate,...Easy

View all 50 questions →