Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 301 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 301
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Your organization is implementing separation of duties in a Google Cloud project. A group of developers must deploy new code, but cannot have permission to change network firewall rules. What should you do?

  • A. Assign the network administrator IAM role to all developers. Tell developers not to change firewall settings.
  • B. Use Access Context Manager to create conditions that allow only authorized administrators to change firewall rules based on attributes such as IP address or device security posture.
  • C. Create and assign two custom IAM roles. Assign the deployer role to control Compute Engine and deployment-related permissions. Assign the network administrator role to manage firewall permissions.
  • D. Grant the editor IAM role to the developer group. Explicitly negate any firewall modification permissions by using IAM deny policies.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by abdelrahman89 at Oct. 4, 2024, 9:56 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
json4u
1 month, 1 week ago
Selected Answer: C
It's C.
upvoted 1 times
...
abdelrahman89
1 month, 2 weeks ago
C - Custom Roles: Creating custom IAM roles allows you to define granular permissions, ensuring that developers only have the necessary access to deploy new code. Separation of Duties: By assigning the deployer role to control Compute Engine and deployment-related permissions, while assigning the network administrator role to manage firewall permissions, you effectively enforce separation of duties. This reduces the risk of unauthorized access or malicious activities. Granular Control: Custom roles provide more granular control over permissions compared to pre-defined roles, allowing you to tailor access to specific tasks.
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel