ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Database Engineer All Questions

View all questions & answers for the Professional Cloud Database Engineer exam
Go to Exam

Exam Professional Cloud Database Engineer topic 1 question 11 discussion

Actual exam question from Google's Professional Cloud Database Engineer
Question #: 11
Topic #: 1
[All Professional Cloud Database Engineer Questions]

Your organization operates in a highly regulated industry. Separation of concerns (SoC) and security principle of least privilege (PoLP) are critical. The operations team consists of:
Person A is a database administrator.
Person B is an analyst who generates metric reports.
Application C is responsible for automatic backups.
You need to assign roles to team members for Cloud Spanner. Which roles should you assign?

  • A. roles/spanner.databaseAdmin for Person A
    roles/spanner.databaseReader for Person B
    roles/spanner.backupWriter for Application C
  • B. roles/spanner.databaseAdmin for Person A
    roles/spanner.databaseReader for Person B
    roles/spanner.backupAdmin for Application C
  • C. roles/spanner.databaseAdmin for Person A
    roles/spanner.databaseUser for Person B
    roles/spanner databaseReader for Application C
  • D. roles/spanner.databaseAdmin for Person A
    roles/spanner.databaseUser for Person B
    roles/spanner.backupWriter for Application C
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by jitu028 at Dec. 22, 2022, 5:31 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dynamic_dba
Highly Voted 1 year, 9 months ago
A. C is wrong because databaseUser (Person B) would allow database writes and the question says generate metric reports, which would be read access only. databaseReader (Application C) doesn't allow backups. D is wrong because databaseUser (Person B) would allow database writes. That leaves A and B. Based upon Google's own documentation, it must be A. B would work, but backupAdmin for Application C would allow backup deletion as well as creation. backupWriter is described in the docs as "is intended to be used by scripts that automate backup creation". https://cloud.google.com/spanner/docs/iam
upvoted 9 times
...
Tempingtron
Most Recent 9 months ago
Selected Answer: A
We need an Admin for A, A reader for B and a Writer for C. Therefore A is the correct answer.
upvoted 2 times
...
theseawillclaim
1 year, 2 months ago
A is the one. You don't need the backupAdmin.
upvoted 2 times
...
goodsport
1 year, 3 months ago
Selected Answer: A
Answer is A.
upvoted 2 times
...
cloudkoala
1 year, 8 months ago
Selected Answer: A
It should be A as per the documentation. https://cloud.google.com/spanner/docs/iam#spanner.backupWriter
upvoted 2 times
...
Nirca
1 year, 9 months ago
Selected Answer: A
A is the best answer
upvoted 2 times
...
pk349
1 year, 11 months ago
A: roles/spanner.databaseAdmin for Person A roles/spanner.databaseReader for Person B roles/spanner.backupWriter for Application C
upvoted 3 times
...
chelbsik
1 year, 11 months ago
Selected Answer: A
B and C are obviously wrong because application only needs backupWriter permissions. D is wrong because roles/spanner.databaseUser contains write permissions, and we don't need that.
upvoted 4 times
...
GCP72
1 year, 11 months ago
Selected Answer: A
A is the correct answer. Cloud Spanner Backup Writer This role is intended to be used by scripts that automate backup creation. A principal with this role can create backups, but cannot update or delete them. Lowest-level resource
upvoted 3 times
...
jitu028
1 year, 11 months ago
Selected Answer: A
Correct answer - A
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel