Google Professional Cloud Security Engineer Exam - Topic 1 Question 12 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 12
Topic #: 1

[All Professional Cloud Security Engineer Questions]

You will create a new Service Account that should be able to list the Compute Engine instances in the project. You want to follow Google-recommended practices.

What should you do?

ACreate an Instance Template, and allow the Service Account Read Only access for the Compute Engine Access Scope.

BCreate a custom role with the permission compute.instances.list and grant the Service Account this role.

CGive the Service Account the role of Compute Viewer, and use the new Service Account for all instances.

DGive the Service Account the role of Project Viewer, and use the new Service Account for all instances.

Show Suggested Answer

Suggested Answer: B

by Ma at May 06, 2022, 04:04 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Nadine

4 months ago

Totally agree, B is the way to go!

upvoted 0 times

...

Carman

4 months ago

A doesn't really fit the requirement, right?

upvoted 0 times

...

Melvin

4 months ago

Surprised that D is even an option, seems excessive!

upvoted 0 times

...

Cammy

4 months ago

I think C is too broad for just listing.

upvoted 0 times

...

Long

5 months ago

B is the best option for listing instances.

upvoted 0 times

...

Olga

5 months ago

I practiced a similar question where we had to assign roles, and I feel like option A might be too broad for just listing instances.

upvoted 0 times

...

Luis

5 months ago

I'm not entirely sure, but I remember something about using predefined roles like Compute Viewer. Maybe option C is a good choice?

upvoted 0 times

...

Sabine

5 months ago

I think option B sounds right since creating a custom role with the specific permission seems to align with best practices.

upvoted 0 times

...

Rasheeda

5 months ago

I’m leaning towards option D, but I’m a bit confused about whether Project Viewer gives too many permissions for just listing instances.

upvoted 0 times

...

Laila

5 months ago

I'm a bit confused on this one. Is it a row-level formula or a report bucket field? I'll need to review the concepts.

upvoted 0 times

...

Ilene

5 months ago

Hmm, Windows internal logs seem like they might be exempt since they're not directly related to Splunk's operations. But I'm not 100% sure on that.

upvoted 0 times

...