Google Cloud Professional Cloud Security Engineer — Question 70

The security operations team needs access to the security-related logs for all projects in their organization. They have the following requirements:
- Follow the least privilege model by having only view access to logs.
- Have access to Admin Activity logs.
- Have access to Data Access logs.
- Have access to Access Transparency logs.
Which Identity and Access Management (IAM) role should the security operations team be granted?

Answer options

A. roles/logging.privateLogViewer
B. roles/logging.admin
C. roles/viewer
D. roles/logging.viewer

Correct answer: A

Explanation

The correct answer is A, roles/logging.privateLogViewer, as it specifically provides view access to the required security logs while maintaining the least privilege model. Option B, roles/logging.admin, grants broader administrative permissions, which are not needed. Option C, roles/viewer, does not include access to the specific Admin Activity and Data Access logs. Option D, roles/logging.viewer, also lacks the necessary permissions for the specified logs.