Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Associate Cloud Engineer All Questions

View all questions & answers for the Associate Cloud Engineer exam
Go to Exam

Exam Associate Cloud Engineer topic 1 question 67 discussion

Actual exam question from Google's Associate Cloud Engineer
Question #: 67
Topic #: 1
[All Associate Cloud Engineer Questions]

You built an application on Google Cloud that uses Cloud Spanner. Your support team needs to monitor the environment but should not have access to table data.
You need a streamlined solution to grant the correct permissions to your support team, and you want to follow Google-recommended practices. What should you do?

  • A. Add the support team group to the roles/monitoring.viewer role
  • B. Add the support team group to the roles/spanner.databaseUser role.
  • C. Add the support team group to the roles/spanner.databaseReader role.
  • D. Add the support team group to the roles/stackdriver.accounts.viewer role.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by [deleted] at June 5, 2020, 2:52 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
poogcp
Highly Voted 4 years, 5 months ago
its A, As you need to monitor only
upvoted 46 times
WindDriver
3 years, 4 months ago
A, right, correct answer. B and C are incorrect because allow to read data. D also incorrect: Not for monitoring. roles/stackdriver.accounts.viewer Stackdriver Accounts Viewer: Read-only access to get and list information about Stackdriver account structure (resourcemanager.projects.get, resourcemanager.projects.list and stackdriver.projects.get)
upvoted 15 times
WindDriver
3 years, 4 months ago
https://cloud.google.com/iam/docs/understanding-roles
upvoted 3 times
...
...
...
Gurnoor
Highly Voted 4 years, 5 months ago
A is correct as user should not have any access to data, so B and C cant be used in this scenario.
upvoted 19 times
...
nish2288
Most Recent 5 months ago
Its D. Stackdriver roles in GCP (Google Cloud Platform) are predefined sets of permissions that control access to monitoring and logging data within Stackdriver, a suite of tools for monitoring and logging applications and infrastructure in GCP. These roles determine what users or groups can see and do within Stackdriver. They allow you to grant granular access levels, ensuring users have the necessary permissions to perform their tasks without exposing sensitive data or granting unnecessary control.
upvoted 1 times
...
ekta25
1 year, 1 month ago
A. Add the support team group to the roles/monitoring.viewer role
upvoted 2 times
...
axantroff
1 year, 1 month ago
Selected Answer: A
Makes sense for me
upvoted 1 times
...
Captain1212
1 year, 2 months ago
Selected Answer: A
A as you only need the monitor access
upvoted 1 times
...
sakdip66
1 year, 7 months ago
the goal of support team is to MONITOR the environment only. therefore roles/monitoring.viewer role is the best option we have https://cloud.google.com/spanner/docs/iam#roles
upvoted 1 times
...
Buruguduystunstugudunstuy
1 year, 9 months ago
Selected Answer: A
Answer A, adding the support team group to the roles/monitoring.viewer role, is the CORRECT answer. This role grants read-only access to monitoring data for all resources in a project, which allows the support team to monitor the environment but not access the table data. Answer B, adding the support team group to the roles/spanner.databaseUser role, grants read and write access to all tables in the specified database, which is NOT required for the support team to monitor the environment. Answer C, adding the support team group to the roles/spanner.databaseReader role, grants read-only access to all tables in the specified database, which would give the support team access to the table data. Answer D, adding the support team group to the roles/stackdriver.accounts.viewer role, grants permissions to view Stackdriver data for all resources in a project, which is NOT directly related to monitoring the Cloud Spanner environment.
upvoted 8 times
...
cslince
1 year, 11 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
Zoze
2 years ago
Selected Answer: A
A is correct, the team need to monitor the environment not read the data.
upvoted 1 times
...
Cornholio_LMC
2 years, 2 months ago
had this question today
upvoted 3 times
...
raghu09
2 years, 2 months ago
Selected Answer: A
B is wrong because it grants write access also we only need monitoring access.
upvoted 1 times
...
RanjithK
2 years, 4 months ago
Selected Answer: A
A. This is the only role that provides read-only access to get and list information about all monitoring data and configurations.
upvoted 2 times
...
AzureDP900
2 years, 5 months ago
You only need to monitor so A is correct!
upvoted 1 times
AzureDP900
2 years, 5 months ago
roles/monitoring.viewer Monitoring Viewer Grants read-only access to Monitoring in the Google Cloud console and API.
upvoted 1 times
...
...
wolfie09
2 years, 5 months ago
Selected Answer: A
A is correct
upvoted 2 times
...
haroldbenites
2 years, 5 months ago
Go for A
upvoted 1 times
...
Priyankahere
2 years, 10 months ago
This was there in exam, go with community answers.
upvoted 8 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel