ExpertMedium1 markMultiple Choice
GCP ACE · Question 42 · Domain 5.1: Managing Identity and Access Management
A developer needs to view the configuration of Compute Engine instances and Cloud Storage buckets in a project, but should not be able to create, modify, or delete any resources. Which IAM role should you assign?
A developer needs to view the configuration of Compute Engine instances and Cloud Storage buckets in a project, but should not be able to create, modify, or delete any resources. Which IAM role should you assign?
Answer options:
A.
roles/editor at the project level.
B.
roles/viewer at the project level.
C.
roles/compute.admin and roles/storage.admin
D.
roles/browser
How to approach this question
Identify the role that provides read-only access across multiple services.
Full Answer
B.roles/viewer at the project level.✓ Correct
roles/viewer at the project level.
The primitive `roles/viewer` role grants permissions for read-only actions, such as viewing existing resources and their configurations, across almost all services in the project. This perfectly matches the requirement to view Compute and Storage without modifying them.
Common mistakes
Selecting Browser, which only lets you see that the project exists, not what is inside it.
Practice the full GCP Associate Cloud Engineer Practice Exam 1
50 questions · hints · full answers · grading
More questions from this exam
Q01What is the highest level of the Google Cloud resource hierarchy?EasyQ02You need to enable the Compute Engine API in a new project using the command line. Which command ...EasyQ03You are setting up a new GCP environment. You need to grant a group of developers access to view ...MediumQ04You want to receive an email notification when your GCP spending exceeds $1000 this month. What s...EasyQ05You need to analyze your GCP billing data using complex SQL queries to understand cost trends acr...Medium