Question: 1/50
You need to ensure that security analysts can investigate alerts in Google Security Operations without being able to change detection rules or platform configuration. What is the best approach?
Grant the analysts an administrator role so they can access all investigation data
Use the principle of least privilege by assigning an investigation-only role and separate rule-management permissions to a small group
Create a single shared account for the SOC team to avoid permission drift
Grant broad project-level Owner on the logging project and rely on internal process controls