Google Cloud Associate Cloud Engineer — Question 7

You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices. What should you do?

Answer options

• A. Add the auditors group to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
• B. Add the auditors group to two new custom IAM roles.
• C. Add the auditor user accounts to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
• D. Add the auditor user accounts to two new custom IAM roles.

Correct answer: A

Explanation

The correct answer, A, is right because adding the auditors group to the predefined roles ensures they have the necessary permissions without the overhead of creating custom roles. Options B and D involve creating new roles, which is not aligned with the recommendation to use predefined roles for simplicity and standardization. Option C is incorrect as it focuses on individual user accounts rather than the auditors group as a whole.