Google Cloud Professional Cloud DevOps Engineer — Question 23

You are developing a strategy for monitoring your Google Cloud Platform (GCP) projects in production using Stackdriver Workspaces. One of the requirements is to be able to quickly identify and react to production environment issues without false alerts from development and staging projects. You want to ensure that you adhere to the principle of least privilege when providing relevant team members with access to Stackdriver Workspaces. What should you do?

Answer options

• A. Grant relevant team members read access to all GCP production projects. Create Stackdriver workspaces inside each project.
• B. Grant relevant team members the Project Viewer IAM role on all GCP production projects. Create Stackdriver workspaces inside each project.
• C. Choose an existing GCP production project to host the monitoring workspace. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.
• D. Create a new GCP monitoring project and create a Stackdriver Workspace inside it. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.

Correct answer: D

Explanation

The correct answer is D because creating a new GCP monitoring project with a Stackdriver Workspace allows for centralized monitoring while minimizing access to only necessary resources, adhering to the principle of least privilege. Options A and B provide excessive access by granting read permissions to all production projects, which does not align with least privilege principles. Option C does not create a dedicated monitoring project, which could lead to issues with managing access and alerts effectively.