Google Cloud Associate Cloud Engineer — Question 80

Your organization has strict requirements to control access to Google Cloud projects. You need to enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud support team when an SRE opens a support case. You want to follow Google-recommended practices. What should you do?

Answer options

• A. Add your SREs to roles/iam.roleAdmin role.
• B. Add your SREs to roles/accessapproval.approver role.
• C. Add your SREs to a group and then add this group to roles/iam.roleAdmin.role.
• D. Add your SREs to a group and then add this group to roles/accessapproval.approver role.

Correct answer: D

Explanation

The correct choice is D because assigning the SREs to a group and granting that group the roles/accessapproval.approver role allows them to approve access requests effectively, following Google’s recommended practices. Options A and C do not provide the necessary permissions related to access approval, and option B does not utilize the group structure, which is useful for managing permissions at scale.