Google Cloud Professional Cloud DevOps Engineer — Question 102
Your company’s security team needs to have read-only access to Data Access audit logs in the _Required bucket. You want to provide your security team with the necessary permissions following the principle of least privilege and Google-recommended practices. What should you do?
Answer options
- A. Assign the roles/logging.viewer role to each member of the security team.
- B. Assign the roles/logging.viewer role to a group with all the security team members.
- C. Assign the roles/logging.privateLogViewer role to each member of the security team.
- D. Assign the roles/logging.privateLogViewer role to a group with all the security team members.
Correct answer: D
Explanation
The correct answer is D because assigning the roles/logging.privateLogViewer role to a group gives all members of the security team the necessary permissions without overprovisioning. Options A and C grant permissions to each individual rather than to a group, which is less efficient and does not follow best practices for managing access. Option B uses the roles/logging.viewer role, which does not provide the required access to Data Access audit logs.