Google Cloud Associate Cloud Engineer — Question 68

Your management has asked an external auditor to review all the resources in a specific project. The security team has enabled the Organization Policy called
Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?

Answer options

• A. Ask the auditor for their Google account, and give them the Viewer role on the project.
• B. Ask the auditor for their Google account, and give them the Security Reviewer role on the project.
• C. Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.
• D. Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.

Correct answer: C

Explanation

Creating a temporary account for the auditor in Cloud Identity and granting it the Viewer role ensures that the auditor can view the resources without the ability to modify them, which aligns with the requirement. The other options either involve using roles that provide unnecessary permissions (like Security Reviewer) or granting access through an existing account, which may not adhere to the Domain Restricted Sharing policy.