Google Cloud Professional Cloud Security Engineer Practice Exam

What type of access should your team grant to manage permissions and audit domain resources within a Cloud Identity domain?

• A. Project Viewer
• B. Organization Administrator
• C. Service Account User
• D. Billing Account Administrator

The correct answer is: Organization Administrator

To effectively manage permissions and audit domain resources within a Cloud Identity domain, granting Organization Administrator access is essential. This role enables comprehensive oversight of the organization's resources, including the ability to manage user permissions and access controls across all projects and services associated with the organization. An Organization Administrator has the highest level of access within the Google Cloud organizational structure, allowing them to create, modify, and delete resources as needed. This role also encompasses broad administrative capabilities, including managing user roles and permissions across the organization and auditing its resources. This level of access is crucial for maintaining security and ensuring that the correct permissions are granted according to organizational policies and compliance requirements. In contrast, the other roles listed offer more limited scopes of access. For example, a Project Viewer can only see resources within a specific project and does not have the permissions to manage user access or perform auditing across the entire organization. Service Account User allows the use of service accounts for applications but does not grant administrative privileges for resource management. Similarly, a Billing Account Administrator focuses solely on managing billing and financial aspects and does not possess the necessary permissions for auditing or managing domain resources comprehensively. Therefore, only the Organization Administrator role aligns with the requirements for managing permissions and auditing effectively within a Cloud Identity domain.