Domain 3: Designing for Security and Compliance — GCP PCA Practice Question 43

How to approach this question

Use Google Groups for managing multiple external users, and apply specific Viewer roles.

Full Answer

Ask the auditing firm to provide a Google Group email address containing their auditors. Grant the `roles/logging.viewer` and `roles/bigquery.dataViewer` roles to the Google Group.

Best practice for granting access to multiple users (especially external ones) is to use a Google Group (Option A). This shifts the burden of managing individual user lifecycle to the third party. To follow least privilege, you should grant specific read-only roles (`logging.viewer` and `bigquery.dataViewer`) to that group (Option C), rather than broad primitive roles like Viewer or Editor.

Common mistakes

Creating individual accounts (B). This is an administrative nightmare and leads to security vulnerabilities when external employees leave their company.

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 4

More questions from this exam