To grant a group read-only access to all resources, including detection engine rules, which configuration is correct?

Explanation:
Granting read-only access to all Chronicle resources, including detection engine rules, is accomplished by using an IAM read-only role applied to a group, so that every member inherits those permissions. The best approach is to create a Google Group for the users, add them to the group, and grant the Chronicle viewer role to that group on the relevant project. This role provides full read-only access across Chronicle resources, including detection engine rules, and applying it to the group makes user management scalable—add or remove people from the group and their access is updated automatically.

Other approaches fall short for this requirement. A more restricted read-only role may omit some Chronicle resources or rules, leaving gaps in visibility. Using a workforce identity pool at the organization level introduces unnecessary complexity and federation concerns, and choosing an editor or other higher-privilege role would grant write access, which is not desired for a read-only scenario.
