Exam Professional Cloud Security Engineer topic 1 question 232 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 232
Topic #: 1

Your organization uses the top-tier folder to separate application environments (prod and dev). The developers need to see all application development audit logs, but they are not permitted to review production logs. Your security team can review all logs in production and development environments. You must grant Identity and Access Management (IAM) roles at the right resource level for the developers and security team while you ensure least privilege.

What should you do?

  • A. 1. Grant logging.viewer role to the security team at the organization resource level.
    2. Grant logging.viewer role to the developer team at the folder resource level that contains all the dev projects.
  • B. 1. Grant logging.viewer role to the security team at the organization resource level.
    2. Grant logging.admin role to the developer team at the organization resource level.
  • C. 1. Grant logging.admin role to the security team at the organization resource level.
    2. Grant logging.viewer role to the developer team at the folder resource level that contains all the dev projects.
  • D. 1. Grant logging.admin role to the security team at the organization resource level.
    2. Grant logging.admin role to the developer team at the organization resource level.
Suggested Answer: A

Comments

7f97f9f
2 months, 1 week ago
Selected Answer: A
The security team only needs to view logs, not manage log resources. logging.admin grants unnecessary permissions.
upvoted 1 times
...
Kmkz83510
4 months, 2 weeks ago
Selected Answer: C
Security team needs access to ALL logs. The only way they'll get that is with logging.admin. logging.viewer would not provide data access logs.
upvoted 1 times
...
Bettoxicity
7 months ago
Selected Answer: A
A is correct!
upvoted 1 times
...
ale183
11 months, 2 weeks ago
A is correct, least privilege access.
upvoted 2 times
...
MisterHairy
11 months, 2 weeks ago
Selected Answer: A
Grant logging.viewer role to the security team at the organization resource level. This allows the security team to view all logs in both production and development environments. Grant logging.viewer role to the developer team at the folder resource level that contains all the dev projects. This allows the developers to view all application development audit logs, but not the production logs, ensuring least privilege.
upvoted 1 times
...
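
The following is an added example, not part of the question or of any comment above. It models how IAM bindings are inherited down the organization, folder, and project hierarchy and compares each option's effective access with the requirement in the question. The resource names are hypothetical, and the role model is a simplification (viewer = read, admin = read + manage) that does not distinguish between log types.

```python
ORG, PROD, DEV = "organizations/example", "folders/prod", "folders/dev"  # hypothetical names
# Constructed hierarchy: child -> parent.
PARENT = {PROD: ORG, DEV: ORG, "projects/shop-prod": PROD, "projects/shop-dev": DEV}
# Simplified role model (assumption): viewer = read logs, admin = read + manage.
ROLE_CAPS = {"logging.viewer": {"read"}, "logging.admin": {"read", "manage"}}

# Options A-D from the question as (team, role, resource) bindings.
OPTIONS = {
    "A": [("security", "logging.viewer", ORG), ("developers", "logging.viewer", DEV)],
    "B": [("security", "logging.viewer", ORG), ("developers", "logging.admin", ORG)],
    "C": [("security", "logging.admin", ORG), ("developers", "logging.viewer", DEV)],
    "D": [("security", "logging.admin", ORG), ("developers", "logging.admin", ORG)],
}

def ancestors(resource):
    """Yield the resource and every ancestor up to the organization."""
    while resource:
        yield resource
        resource = PARENT.get(resource)

def effective_caps(bindings, team, project):
    """Union of capabilities from bindings on the project or any ancestor."""
    chain = set(ancestors(project))
    return {c for who, role, where in bindings
            if who == team and where in chain for c in ROLE_CAPS[role]}

# Requirement as modelled here: security reads prod and dev, developers read dev only.
REQUIRED = {
    ("security", "projects/shop-prod"): {"read"},
    ("security", "projects/shop-dev"): {"read"},
    ("developers", "projects/shop-prod"): set(),
    ("developers", "projects/shop-dev"): {"read"},
}

def findings(option):
    """(team, project, missing, excess) wherever access differs from REQUIRED."""
    rows = []
    for (team, project), want in REQUIRED.items():
        have = effective_caps(OPTIONS[option], team, project)
        if have != want:
            rows.append((team, project, sorted(want - have), sorted(have - want)))
    return rows

if __name__ == "__main__":
    for opt in OPTIONS:
        print(opt, findings(opt) or "matches the modelled requirement")
```

An empty result means the option grants exactly the modelled access; each row otherwise names the team, the project, and the missing or excess capability.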
Community vote distribution
A (35%)
C (25%)
B (20%)
Other