Exam: Cloud Digital Leader 0 Likes

Several departments in an organization are working together on a (Digital Leader)

Updated on 05/24/2024

Several departments in an organization are working together on a project. The organization wants to customize access to resources for each department.

What is the quickest and most efficient way to achieve this?

A) By mapping IAM roles to job functions for each department
B) By assigning IAM primitive roles to each employee
C) By applying least-privilege to roles for each employee
D) By creating a single shared service account for all departments


Solution

Correct answer: A) By mapping IAM roles to job functions for each department.
Here's why:

A) Mapping IAM (Identity and Access Management) roles to job functions for each department allows for granular control over access permissions based on the specific roles and responsibilities within each department. By defining IAM roles that align with the job functions of each department, administrators can easily assign appropriate access levels to employees, ensuring that they have the necessary permissions to perform their tasks without granting unnecessary access.

B) Assigning IAM primitive roles to each employee can lead to a proliferation of roles and a lack of consistency in access management. It may also result in over-privileged or under-privileged permissions for certain employees, as primitive roles provide broad access without fine-grained control.

C) Applying least-privilege to roles for each employee is important for security and access control, but it may not be the quickest or most efficient way to customize access for each department. Least-privilege should be implemented within the context of mapped IAM roles to job functions, ensuring that employees have access only to the resources necessary for their specific roles.

D) Creating a single shared service account for all departments would not allow for customized access control based on departmental requirements. It could lead to security risks and potential conflicts of interest, as different departments may have distinct access needs and responsibilities.

Category: Google Cloud security and operations

There are no comments yet.

Authentication required

You must log in to post a comment.
Log in to like this solution

Log in

Support us!
Subscribe Now

Cookies Consent

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All" you consent to our use of cookies. Privacy Policy.