Free Google Cloud-Digital-Leader Actual Exam Questions - Question 9 Discussion
customize access to resources for each department.
What is the quickest and most efficient way to achieve this?
Maybe B makes sense since assigning roles directly to employees could be faster if the IAM roles aren’t pre-defined yet. It avoids extra setup time compared to creating department-based roles.
A makes more sense since managing by department roles is simpler and less error-prone.
Maybe B makes the most sense if you think about speed and efficiency from an admin perspective. Assigning primitive roles directly to employees is straightforward since those roles are already predefined by the platform, so no need to create or customize anything. It might not be the most granular or secure, but it’s definitely quick. A sounds better for customization but could take longer if you have to map or create roles for each department first. So if the goal is quick and efficient, B seems like a practical approach despite its downsides.
I’m skeptical about D since a single shared service account sounds like a security nightmare and not really customizing access. B feels off because assigning primitive roles individually to every employee is usually time-consuming and less flexible. A might be faster because you set roles once per department and then just assign them accordingly, which matches the “quickest and most efficient” part. But the question doesn’t say if those roles exist already or if you have to create them first. Does anyone think C’s focus on least privilege per employee could be just as quick when using predefin
C imo, least-privilege on roles per employee avoids over-permission issues.
I agree that B and D aren’t great options. But what if "mapping IAM roles to job functions" means creating roles that fit each department’s needs directly, making A a neat way to handle this without overcomplicating? Could C do this better?
A vs B – B seems off because giving primitive roles to each employee individually would be a huge hassle and not scalable. D is risky since a shared service account could mess up tracking and security. So A makes more sense since mapping roles to job functions should let you quickly set access based on what each department needs without assigning permissions one by one.
Option A sounds right but what exactly do they mean by "job functions"?