You are creating a custom IAM role because predefined roles provide too much access. Which TWO statements are true regarding custom IAM roles? (Select TWO)

Answer options:

Custom roles can only be created at the project or organization level, not the folder level.

Custom roles automatically inherit new permissions when Google updates a service.

You must manually maintain custom roles if Google adds new permissions to services.

Custom roles can include permissions from any GCP service without restriction.

Custom roles are recommended over predefined roles for all use cases.

How to approach this question

Understand the limitations and maintenance overhead of custom IAM roles.

Full Answer

Custom IAM roles allow you to combine specific permissions. However, they come with maintenance overhead: Google does not update them when new features/permissions are released. Also, custom roles can only be created at the Organization or Project level; they cannot be created at the Folder level.

Common mistakes

Assuming Google automatically updates custom roles like they do predefined roles.

Question 43 All questions Question 45

Practice the full GCP Associate Cloud Engineer Practice Exam 1

50 questions · hints · full answers · grading

More questions from this exam

Q01What is the highest level of the Google Cloud resource hierarchy?Easy Q02You need to enable the Compute Engine API in a new project using the command line. Which command ...Easy Q03You are setting up a new GCP environment. You need to grant a group of developers access to view ...Medium Q04You want to receive an email notification when your GCP spending exceeds $1000 this month. What s...Easy Q05You need to analyze your GCP billing data using complex SQL queries to understand cost trends acr...Medium

View all 50 questions →