Google Cloud Professional Cloud Network Engineer — Question 4

You need to give each member of your network operations team least-privilege access to create, modify, and delete Cloud Interconnect VLAN attachments.
What should you do?

Answer options

• A. Assign each user the editor role.
• B. Assign each user the compute.networkAdmin role.
• C. Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get.
• D. Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get, compute.routers.create, compute.routers.get, compute.routers.update.

Correct answer: B

Explanation

The correct answer is B, as the compute.networkAdmin role grants the necessary permissions for managing Cloud Interconnect VLAN attachments while adhering to the principle of least privilege. Option A assigns broader permissions than necessary, while options C and D do not provide sufficient permissions for modifying and deleting VLAN attachments.