D) CSPM Misconfiguration Viewer To allow an analyst to review cloud control plane Indicators of Misconfiguration (IOMs) while maintaining least-privilege access, CrowdStrike recommends assigning the CSPM Misconfiguration Viewer role. Cloud control plane IOMs focus on identifying insecure configurations across cloud providers, such as overly permissive IAM roles, disabled logging, public exposure of services, or noncompliant security settings. The CSPM Misconfiguration Viewer role grants read-only access to these findings, allowing analysts to investigate risks without making configuration changes. Other roles provide broader access than required. Cloud Security Manager includes administrative and modification privileges, exceeding least-privilege requirements. Kubernetes and Containers Manager focuses on container and Kubernetes security, not cloud control plane configurations. Cloud Compliance Viewer is oriented toward compliance frameworks rather than detailed misconfiguration analysis. By assigning the CSPM Misconfiguration Viewer role, organizations ensure analysts can perform their investigative duties safely and appropriately, aligning with CrowdStrike's role-based access control (RBAC) best practices.

A) Cloud Security Manager

B) Kubernetes and Containers Manager

C) Cloud Compliance Viewer