Q: 14
You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to
read, but not modify, all project items.
How should you configure the auditor's permissions?
Options
Discussion
Option C is correct since the built-in IAM Viewer role already has broad read-only permissions at the project level. A custom role (A or B) is unnecessary here and D would be too limited. Anyone disagree?
Had something like this in a mock before and chose A. I thought custom roles were better for security since you can specifically control what permissions are granted, even if just view-only. Might be overthinking it but custom seems safer to me than default roles. Anyone else prefer option A?
Honestly wish Google made these roles less confusing. I picked A since I thought a custom view-only role would be safer, but it’s probably overkill for basic audit needs. Let me know if I’m missing something obvious.
It's C. Viewer role handles read-only across the project, so no need to go custom or pick service-specific options.
Yep, it's C. Built-in project Viewer role gives full read-only so no need to customize for auditors.
C is what you want here, the built-in IAM Viewer role gives read-only access across the entire project so it's set up for audit scenarios. I saw something similar in a practice test, looks right to me but open to corrections if I'm missing something.
Kinda confused but pretty sure it's C. Does the built-in Viewer cover everything for an audit like this?