Google Cloud Professional Cloud Network Engineer — Question 16
Your company has a security team that manages firewalls and SSL certificates. It also has a networking team that manages the networking resources. The networking team needs to be able to read firewall rules, but should not be able to create, modify, or delete them.
How should you set up permissions for the networking team?
Answer options
- A. Assign members of the networking team the compute.networkUser role.
- B. Assign members of the networking team the compute.networkAdmin role.
- C. Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.
- D. Assign members of the networking team the compute.networkViewer role, and add the compute.networks.use permission.
Correct answer: B
Explanation
The correct answer is B because the compute.networkAdmin role allows users to view, create, modify, and delete firewall rules, which is necessary for the networking team to manage their responsibilities effectively. Options A and D do not give the networking team sufficient permissions to view the required firewall rules. Option C would limit their access too much, preventing them from accessing necessary networking resources.