GCP Professional Cloud Security Engineer Practice Question
Your organization uses a dedicated project to aggregate all Cloud Logging data in a centrally managed log bucket. A group of compliance auditors must be able to update retention policies, create log views, and manage log sinks for the bucket. They must also review Data Access audit log entries coming from every project. To follow the principle of least privilege, you want to grant a single predefined IAM role on the logging project that satisfies both requirements. Which role should you assign?
Grant roles/logging.configWriter on the logging project.
Grant roles/logging.privateLogViewer on the logging project.
Grant both roles/logging.configWriter and roles/logging.privateLogViewer on the logging project.
The Logging Admin role (roles/logging.admin) includes every Cloud Logging permission, which allows holders to configure log buckets, sinks, and views, set retention policies, and read all log entries, including sensitive Data Access audit logs. Logging Config Writer can manage logging configurations but cannot view log entries, and Private Logs Viewer can read Data Access logs but cannot modify logging settings. Granting both roles would violate the requirement to use a single role. Therefore, Logging Admin is the only single predefined role that covers both capabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege in IAM roles?
Open an interactive chat with Bash
What permissions does the Logging Admin role provide in GCP?
Open an interactive chat with Bash
Why is roles/logging.configWriter not sufficient for this scenario?
Open an interactive chat with Bash
What is the principle of least privilege in IAM?
Open an interactive chat with Bash
What does the roles/logging.admin IAM role allow a user to do?
Open an interactive chat with Bash
What are Cloud Logging buckets, sinks, and views?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Managing operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .