You are setting up a new GCP environment. You need to grant a group of developers access to view resources in a specific project, but they should not be able to modify anything. Which TWO actions should you take? (Select TWO)

Answer options:

Create a Google Group and add the developers to it.

Assign the roles/viewer role to each developer's individual user account.

Assign the roles/editor role to the Google Group at the project level.

Assign the roles/viewer role to the Google Group at the project level.

Create a Service Account for the developers to share.

How to approach this question

Identify the best practice for grouping users (Google Groups) and the appropriate least-privilege role (Viewer).

Full Answer

Google Cloud best practices dictate using Google Groups to manage access for teams. This makes onboarding and offboarding easier. The `roles/viewer` primitive role grants read-only access to almost all resources in the project, satisfying the requirement that they cannot modify anything.

Common mistakes

Selecting individual user assignment instead of group assignment, or selecting a role with too many permissions.

Question 02 All questions Question 04

Practice the full GCP Associate Cloud Engineer Practice Exam 1

50 questions · hints · full answers · grading

More questions from this exam

Q01What is the highest level of the Google Cloud resource hierarchy?Easy Q02You need to enable the Compute Engine API in a new project using the command line. Which command ...Easy Q04You want to receive an email notification when your GCP spending exceeds $1000 this month. What s...Easy Q05You need to analyze your GCP billing data using complex SQL queries to understand cost trends acr...Medium Q06You have just installed the Google Cloud SDK on your local machine. Which command should you run ...Easy

View all 50 questions →