Exam Professional Cloud Network Engineer topic 1 question 11 discussion

Answer is A: A Shared VPC Admin can define a Security Admin by granting an IAM member the Security Admin (compute.securityAdmin) role to the host project. Security Admins manage firewall rules and SSL certificates.

The correct answer is A. Security Admin privileges from the Shared VPC Admin. Since you currently have Network Admin permissions, which do not allow modification of firewall rules, you should request Security Admin privileges. This will give you the necessary permissions to manage and update firewall rules in the Shared VPC while following the least privilege principle. This ensures that you have just the required level of access without unnecessary permissions.

Service Project Admin privileges provide you with the necessary permissions to manage resources within a service project, including managing firewall rules associated with that project. This adheres to the least privilege principle because you're only requesting the minimal set of permissions to manage firewall rules within your assigned service project.

Choose option A. Explanation: Security Admin Role: The Security Admin role is specific to managing firewall rules and network-related permissions within a project. It allows you to manage firewall rules, among other network-related configurations. Shared VPC Admin: Shared VPC Admin has broader permissions, including the ability to manage shared VPC configurations, but it may grant more permissions than necessary for managing firewall rules. Options B, C, and D provide broader permissions than necessary for the task of updating firewall rules within a shared VPC: Therefore, option A is the most specific and least privileged option for managing firewall rules within the shared VPC context.

A: Security Admin ******* • IAM principal in the host project, or • IAM principal in the organization A Shared VPC Admin can define a Security Admin by granting an IAM principal the Security Admin (compute.securityAdmin) role to the host project. Security Admins manage firewall rules and SSL certificates.

Answer is A

Answer should be A

Answer is A

Answer is A: https://cloud.google.com/vpc/docs/shared-vpc#net_and_security_admins it's states: 'A Shared VPC Admin can define a Security Admin by granting an IAM principal the Security Admin (compute.securityAdmin) role to the host project. Security Admins manage firewall rules and SSL certificates.'

Ans - A

Should be A

"A" - based on least privilege approach

https://cloud.google.com/vpc/docs/shared-vpc . It's B

A "shared VPC admin", not clear what that could be :), cannot give that kind of permissions. It's D for me.