Google Cloud Associate Cloud Engineer — Question 97

You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items.
How should you configure the auditor's permissions?

Answer options

• A. Create a custom role with view-only project permissions. Add the user's account to the custom role.
• B. Create a custom role with view-only service permissions. Add the user's account to the custom role.
• C. Select the built-in IAM project Viewer role. Add the user's account to this role.
• D. Select the built-in IAM service Viewer role. Add the user's account to this role.

Correct answer: C

Explanation

The correct answer is C because the IAM project Viewer role is specifically designed to allow users to view all resources within a project without granting modification rights. Options A and B involve creating custom roles, which is unnecessary since the built-in role already meets the requirement. Option D is incorrect as it pertains to service-level permissions rather than project-level permissions.