Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Associate Cloud Engineer Exam - Topic 6 Question 71 Discussion

An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google-recommended practices when you grant the required permissions to this user. What should you do?
B) Create a custom role based on the Compute Image User role Add the compute.disks, list to the includedPermissions field Grant the custom role to the user at the project level
A) Create a custom role, and add all the required compute.disks.list and compute, images.list permissions as includedPermissions. Grant the custom role to the user at the project level.
C) Grant the Compute Storage Admin role at the project level.
D) Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.

Google Associate Cloud Engineer Exam - Topic 6 Question 71 Discussion

Actual exam question for Google's Associate Cloud Engineer exam
Question #: 71
Topic #: 6
[All Associate Cloud Engineer Questions]

An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google-recommended practices when you grant the required permissions to this user. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Andra at Oct 21, 2023, 11:10 AM

Limited Time Offer

25%

Off

Get Premium Associate Cloud Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Xochitl
6 months ago
Wait, can we really create custom roles like that? Sounds risky!
upvoted 0 times
...
Diane
7 months ago
D sounds complicated, why not just go with A?
upvoted 0 times
...
Teri
7 months ago
C seems too broad for just listing images and disks.
upvoted 0 times
...
Frederica
7 months ago
I think B is more appropriate since it builds on existing roles.
upvoted 0 times
...
Cherry
7 months ago
A is the best option for specific access.
upvoted 0 times
...
Jade
7 months ago
I’m a bit confused about whether to create a custom role based on another role or just create one from scratch like in option A.
upvoted 0 times
...
Francisca
8 months ago
I feel like granting the Compute Storage Admin role in option C might be too broad for just listing images and disks.
upvoted 0 times
...
Elvera
8 months ago
I think option B sounds familiar because it mentions the Compute Image User role, which we practiced in a similar question last week.
upvoted 0 times
...
Hailey
8 months ago
I remember we discussed the importance of using custom roles to limit permissions, but I'm not sure if I should include all permissions or just the necessary ones.
upvoted 0 times
...
Gary
8 months ago
I'm feeling pretty confident about this one. Option D looks like the way to go - create a custom role based on Compute Storage Admin, but exclude any unnecessary permissions. That's the most secure and least permissive approach.
upvoted 0 times
...
Adelina
8 months ago
Okay, I've got a strategy here. I'll create a custom role based on the Compute Image User role, add the compute.disks.list permission, and grant that to the user at the project level. That way, I'm only giving them the exact permissions they need.
upvoted 0 times
...
Larae
8 months ago
Hmm, I'm a bit unsure about this one. I know we're supposed to follow Google's recommended practices, but I'm not sure which option does that best. I'll have to think this through carefully.
upvoted 0 times
...
Rodrigo
8 months ago
This seems pretty straightforward. I think the best approach is to create a custom role with just the required permissions and grant that to the user.
upvoted 0 times
...
Maricela
8 months ago
This question seems straightforward. I think the answer is B - expecting all students to learn at the same rate of speed, since slower learners will need more time and flexibility.
upvoted 0 times
...
Veronika
8 months ago
Okay, I think I have a strategy here. I'll need to set up a secondary replica in the Azure VM, then fail over to that replica to minimize downtime.
upvoted 0 times
...
Jose
8 months ago
I'm leaning towards option A, but I'm not completely sure if encryption directly prevents malicious intermediaries.
upvoted 0 times
...
Xochitl
2 years ago
Yeah, that makes sense. We don't want to give the user more access than they actually require. Gotta keep that principle of least privilege in mind, you know?
upvoted 0 times
...
Malcom
2 years ago
Ah, I see what you mean. Option D sounds like the best choice then - create a custom role based on Compute Storage Admin, but remove any extra permissions that the external user doesn't need.
upvoted 0 times
...
Elbert
2 years ago
I agree, a custom role is the way to go. But I'm not sure if we should be adding all the compute.disks.list and compute.images.list permissions. Maybe we can base it on an existing role and then exclude any unnecessary permissions?
upvoted 0 times
...
Alease
2 years ago
Hmm, this seems like a tricky question. We need to follow the Google-recommended practices, so I think the best approach is to create a custom role with the specific permissions required, rather than just granting a broad admin role.
upvoted 0 times
...

Save Cancel