Easy · 1 mark · Multiple Choice

GCP PCA · Question 35 · Advise development and operation teams

A new developer joins your team and needs to view the logs for a specific Cloud Run service to troubleshoot an issue. They should not be able to modify the service or view logs for other services. Which IAM role should you grant?

Answer options:

A. Grant the roles/viewer basic role at the Project level.

B. Grant the roles/logging.viewer role at the Project level.

C. Grant the roles/logging.viewer role on the specific Cloud Run service resource.

D. Grant the roles/run.developer role at the Project level.

How to approach this question

Apply the principle of least privilege: use predefined roles (not basic roles) and apply them at the lowest possible level in the resource hierarchy.

Full Answer

C. Grant the `roles/logging.viewer` role on the specific Cloud Run service resource. ✓ Correct
Google Cloud IAM follows the principle of least privilege. Basic roles (Owner/Editor/Viewer) should be avoided in production. Predefined roles (like `roles/logging.viewer`) provide granular permissions. Furthermore, IAM policies should be applied at the lowest possible level in the resource hierarchy (in this case, the specific Cloud Run service, not the entire Project) to restrict access strictly to what is needed.

Common mistakes

Applying roles at the Project level out of convenience, which grants overly broad access.
