Google Cloud Professional Cloud DevOps Engineer — Question 44

You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?

Answer options

• A. Grant the team members the IAM role of logging.configWriter on Cloud IAM.
• B. Configure Access Context Manager to allow only these members to export logs.
• C. Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
• D. Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.

Correct answer: A

Explanation

The correct answer is A because granting the logging.configWriter role specifically allows team members to export logs from Stackdriver Logging. Options B, C, and D do not provide the necessary permissions for exporting logs directly, making them inadequate solutions for this requirement.