ExpertEasy1 markMultiple Choice
GCP PCA · Question 28 · Domain 3: Designing for Security and Compliance
A new developer joins your team and needs to view the configuration of Compute Engine instances, but should not be able to start, stop, or modify them. Which IAM role should you grant?
A new developer joins your team and needs to view the configuration of Compute Engine instances, but should not be able to start, stop, or modify them. Which IAM role should you grant?
Answer options:
A.
roles/viewer
B.
roles/compute.viewer
C.
roles/compute.admin
D.
roles/browser
How to approach this question
Apply least privilege using predefined roles.
Full Answer
B.roles/compute.viewer✓ Correct
roles/compute.viewer is a predefined role that grants exactly the read-only permissions needed for Compute Engine, adhering to the principle of least privilege.
Common mistakes
Choosing the primitive roles/viewer which is too broad.
Practice the full GCP Professional Cloud Architect Practice Exam 2
50 questions · hints · full answers · grading
More questions from this exam
Q01CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ02CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ03CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...HardQ04CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ05CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Easy