Google Cloud Associate Cloud Engineer — Question 194
An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google-recommended practices when you grant the required permissions to this user. What should you do?
Answer options
- A. Create a custom role, and add all the required compute.disks.list and compute.images.list permissions as includedPermissions. Grant the custom role to the user at the project level.
- B. Create a custom role based on the Compute Image User role. Add the compute.disks.list permission to the includedPermissions field. Grant the custom role to the user at the project level.
- C. Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.
- D. Grant the Compute Storage Admin role at the project level.
Correct answer: A
Explanation
The correct answer is A because a custom role lets you include only the necessary permissions, compute.disks.list and compute.images.list, which adheres to the principle of least privilege. Option B is incorrect as it does not include the required compute.images.list permission. Options C and D grant broader permissions than needed, which goes against best practices.