Exam Professional Cloud DevOps Engineer topic 1 question 140 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 140
Topic #: 1

You have deployed a fleet of Compute Engine instances in Google Cloud. You need to ensure that monitoring metrics and logs for the instances are visible in Cloud Logging and Cloud Monitoring by your company's operations and cyber security teams. You need to grant the required roles for the Compute Engine service account by using Identity and Access Management (IAM) while following the principle of least privilege. What should you do?

  • A. Grant the logging.logWriter and monitoring.metricWriter roles to the Compute Engine service accounts.
  • B. Grant the logging.admin and monitoring.editor roles to the Compute Engine service accounts.
  • C. Grant the logging.editor and monitoring.metricWriter roles to the Compute Engine service accounts.
  • D. Grant the logging.logWriter and monitoring.editor roles to the Compute Engine service accounts.
Suggested Answer: A

Comments

xhilmi
4 months, 3 weeks ago
Selected Answer: A
Choose option A: Grant the logging.logWriter and monitoring.metricWriter roles to the Compute Engine service accounts. These roles provide the necessary permissions for writing logs and metrics to Cloud Logging and Cloud Monitoring, respectively, without granting overly broad access. This aligns with the principle of least privilege, ensuring that the Compute Engine service accounts have the specific permissions needed for monitoring tasks without unnecessary additional privileges. This approach enables effective visibility for both operations and cyber security teams while maintaining a secure and well-defined access model.
upvoted 2 times
...
lelele2023
6 months ago
Selected Answer: A
Logs Writer (roles/logging.logWriter): Provides the permissions to write log entries. Monitoring Metric Writer (roles/monitoring.metricWriter): Provides write-only access to metrics. This provides exactly the permissions needed by the Cloud Monitoring agent and other systems that send metrics.
upvoted 1 times
...
Jason_Cloud_at
6 months ago
Selected Answer: A
Remove admin role from the options and there is no such role as logging.editor, so it is A
upvoted 4 times
...
activist
6 months, 1 week ago
Answer A seems to be correct as the two "writer" roles are the least privilege granted to the service account.
upvoted 3 times
...
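An added example, not part of the original question or any comment above: a check that audits a project IAM policy for the Compute Engine service account against the two roles in option A. It assumes the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`; the service account e-mail, the other members and the sample policy are constructed, and `audit_service_account` is a hypothetical helper name.

```python
import json

# Roles granted by option A; assumes the service account only ships logs and metrics.
REQUIRED_ROLES = {"roles/logging.logWriter", "roles/monitoring.metricWriter"}

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json` (all members are made up).
SA_EMAIL = "123456789012-compute@developer.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "bindings": [
    {"role": "roles/logging.logWriter",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/monitoring.editor",
     "members": ["user:ops@example.com",
                 "serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/monitoring.metricWriter",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"],
     "condition": {"title": "temporary",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}
  ]
}
""")


def audit_service_account(policy, sa_email, required=REQUIRED_ROLES):
    """Compare the roles bound to one service account against the required set.

    Only bindings set directly on this policy are seen; grants inherited from a
    folder or organization, or made through a group, need a separate check.
    """
    member = f"serviceAccount:{sa_email}"
    always, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A binding with a condition applies only while its expression holds,
        # so it does not count as satisfying a required role.
        (conditional if "condition" in binding else always).add(binding["role"])
    return {
        "missing": sorted(set(required) - always),
        "excess": sorted((always | conditional) - set(required)),
        "conditional": sorted(conditional),
    }


if __name__ == "__main__":
    print(json.dumps(audit_service_account(SAMPLE_POLICY, SA_EMAIL), indent=2))
```

On the constructed policy the audit reports `roles/monitoring.editor` as excess and `roles/monitoring.metricWriter` as missing, because its only grant is conditional.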
Community vote distribution
A (35%)
C (25%)
B (20%)
Other