Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud DevOps Engineer Exam - Topic 1 Question 88 Discussion

Actual exam question for Google's Professional Cloud DevOps Engineer exam
Question #: 88
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

Your company's security team needs to have read-only access to Data Access audit logs in the _Required bucket You want to provide your security team with the necessary permissions following the principle of least privilege and Google-recommended practices. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: B, E

The correct answers are B and E

A good postmortem should include what caused the incident, how the incident could have been worse, and how to prevent a future occurrence of the incident1. This helps to identify the root cause of the problem, the impact of the incident, and the actions to take to mitigate or eliminate the risk of recurrence.

A good postmortem should also include all incident participants in postmortem authoring and share postmortems as widely as possible2. This helps to foster a culture of learning and collaboration, as well as to increase the visibility and accountability of the incident response process.

Answer A is incorrect because it assigns blame to a person or team, which goes against the principle of blameless postmortems2. Blameless postmortems focus on finding solutions rather than pointing fingers, and encourage honest and constructive feedback without fear of punishment.

Answer C is incorrect because it omits how the incident could have been worse, which is an important factor to consider when evaluating the severity and impact of the incident1. It also avoids naming internal system components, which makes it harder to understand the technical details and root cause of the problem.

Answer D is incorrect because it omits how to prevent a future occurrence of the incident, which is the main goal of a postmortem1. It also avoids naming customer information, which may be relevant for understanding the impact and scope of the incident.


by Dorethea at Mar 09, 2025, 09:34 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud DevOps Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Royal
4 months ago
D seems like overkill, just use B!
upvoted 0 times
...
Deeanna
5 months ago
Wait, are we sure about the privateLogViewer role? Sounds sketchy.
upvoted 0 times
...
Blondell
5 months ago
Definitely B, it's cleaner and follows best practices.
upvoted 0 times
...
Veronika
5 months ago
I think A is better for individual control.
upvoted 0 times
...
Kanisha
5 months ago
B is the way to go for group access!
upvoted 0 times
...
Sena
6 months ago
I feel like option D might be the best approach since it assigns the role to a group, but I’m not entirely confident about the naming conventions.
upvoted 0 times
...
Germaine
6 months ago
I’m a bit confused about the difference between the viewer role and the privateLogViewer role. Does anyone remember which one is more appropriate for read-only access?
upvoted 0 times
...
Viola
6 months ago
I remember practicing a similar question, and I think assigning roles to a group is more efficient. Maybe option B is the right choice?
upvoted 0 times
...
Amber
6 months ago
I think we should focus on the principle of least privilege, but I'm not sure if assigning roles to individuals or a group is better.
upvoted 0 times
...
Juliann
6 months ago
I'm not sure about the difference between the "roles/logging.viewer" and "roles/logging.privateLogViewer" roles. I think I'll need to do some more research on the Google-recommended practices before deciding on the best option.
upvoted 0 times
...
Micah
6 months ago
I'm pretty confident that option A is the way to go here. Assigning the roles/logging.viewer role to each member of the security team seems like the most straightforward and least privileged approach.
upvoted 0 times
...
Monte
6 months ago
Okay, let's think this through. The question says we want to provide read-only access, so we need to use a role that gives that level of access. I'm leaning towards option D - assigning the roles/logging.privateLogViewer role to a group with all the security team members.
upvoted 0 times
...
Katie
6 months ago
I'm a bit confused here. Is the "roles/logging.viewer" role the same as the "roles/logging, viewer" role? I'm not sure which one is the correct choice.
upvoted 0 times
...
Jenise
6 months ago
Hmm, this seems pretty straightforward. I think I'll go with option B - assigning the roles/logging.viewer role to a group with all the security team members.
upvoted 0 times
...
Franchesca
11 months ago
Wait, is this a trick question? What's with all these 'logging' and 'privateLogViewer' roles? I thought we were just supposed to give them read-only access. *scratches head*
upvoted 0 times
Shawna
10 months ago
It's not a trick question, just make sure to follow the principle of least privilege and give them only the necessary permissions.
upvoted 0 times
...
Richelle
10 months ago
You can also consider using the 'roles/logging.privateLogViewer' role for more restricted access to the logs.
upvoted 0 times
...
Rikki
10 months ago
You can assign the 'roles/logging.viewer' role to the security team for read-only access to Data Access audit logs.
upvoted 0 times
...
...
Laurel
11 months ago
I'm going with option D. Assigning the role to a group is more efficient, and the privateLogViewer role sounds like it's the right one for the task.
upvoted 0 times
Gary
10 months ago
Let's go with that option then.
upvoted 0 times
...
Bo
10 months ago
PrivateLogViewer role seems like the right one for the task.
upvoted 0 times
...
Stacey
10 months ago
Option D sounds good. Assigning the role to a group is efficient.
upvoted 0 times
...
...
Rosenda
12 months ago
Option A is the way to go! Assigning the roles/logging.viewer role to each team member is the simplest and most straightforward approach.
upvoted 0 times
...
Kizzy
12 months ago
Hmm, I'm not sure about this one. Shouldn't we be using the roles/logging.viewer role instead of the privateLogViewer role? I'm a bit confused.
upvoted 0 times
Abraham
11 months ago
B) Assign the roles/logging.viewer role to a group with all the security team members
upvoted 0 times
...
Chan
11 months ago
A) Assign the roles/logging.viewer role to each member of the security team
upvoted 0 times
...
...
Gene
1 year ago
Option D seems like the correct answer to me. Assigning the privateLogViewer role to a group ensures that the security team has the necessary read-only access.
upvoted 0 times
...
Maryann
1 year ago
I think option B is the way to go. Assigning the role to a group makes it easier to manage permissions and follows the principle of least privilege.
upvoted 0 times
Chauncey
10 months ago
Assigning roles to a group with all security team members is a good way to ensure consistency and ease of management.
upvoted 0 times
...
Peggie
10 months ago
It's important to follow Google-recommended practices when setting up permissions for security teams.
upvoted 0 times
...
Jennifer
11 months ago
Assigning the role to a group simplifies the process and ensures least privilege access.
upvoted 0 times
...
Cecil
11 months ago
I agree, option B is definitely the best choice for managing permissions efficiently.
upvoted 0 times
...
...
Peggie
1 year ago
I prefer assigning the roles/logging.viewer role to a group with all the security team members. It's more efficient.
upvoted 0 times
...
Yolando
1 year ago
I agree with Davida. It's important to follow the principle of least privilege.
upvoted 0 times
...
Davida
1 year ago
I think we should assign the roles/logging.viewer role to each member of the security team.
upvoted 0 times
...

Save Cancel