ExpertGCP PCA · Question 43 · Domain 3: Designing for Security and Compliance
You are designing the IAM strategy for a new GCP environment. You need to grant a third-party auditing firm read-only access to Cloud Audit Logs and BigQuery datasets. The firm uses their own Google Workspace. You want to follow the principle of least privilege and minimize administrative overhead. Which TWO actions should you take? (Select TWO)
You are designing the IAM strategy for a new GCP environment. You need to grant a third-party auditing firm read-only access to Cloud Audit Logs and BigQuery datasets. The firm uses their own Google Workspace. You want to follow the principle of least privilege and minimize administrative overhead. Which TWO actions should you take? (Select TWO)
Answer options:
Ask the auditing firm to provide a Google Group email address containing their auditors.
Create individual IAM user accounts for each auditor in your GCP project.
Grant the roles/logging.viewer and roles/bigquery.dataViewer roles to the Google Group.
Grant the roles/editor role to the auditing firm.
Generate Service Account keys and email them to the auditors.
How to approach this question
Full Answer
Common mistakes
Practice the full GCP Professional Cloud Architect Practice Exam 4
50 questions · hints · full answers · grading