ExpertMedium1 markMultiple Choice
GCP ACE · Question 02 · Domain 1.1: Setting up cloud projects and accounts
You are managing access to a GCP project. You need to grant 15 developers the ability to view Compute Engine instances. The development team frequently has members joining and leaving.
What is the MOST efficient way to manage their access?
You are managing access to a GCP project. You need to grant 15 developers the ability to view Compute Engine instances. The development team frequently has members joining and leaving.
What is the MOST efficient way to manage their access?
Answer options:
A.
Grant the Compute Viewer role to each developer's individual Google account.
B.
Create a Google Group, add the developers to the group, and grant the Compute Viewer role to the group.
C.
Create a Service Account, grant it the Compute Viewer role, and share the Service Account keys with the developers.
D.
Grant the primitive Viewer role to the entire project for all developers.
How to approach this question
Look for the solution that minimizes operational overhead while maintaining security best practices (least privilege and individual accountability).
Full Answer
B.Create a Google Group, add the developers to the group, and grant the Compute Viewer role to the group.✓ Correct
Create a Google Group, add the developers to the group, and grant the Compute Viewer role to the group.
Google Cloud best practices dictate using Google Groups to manage access for teams. This decouples IAM policy management from user lifecycle management. When a user leaves, you remove them from the group, instantly revoking their access across all projects where the group has roles.
Common mistakes
Choosing individual user assignment, which does not scale well.
Practice the full GCP Associate Cloud Engineer Practice Exam 2
50 questions · hints · full answers · grading
More questions from this exam
Q01Your company is migrating to Google Cloud and needs to establish a resource hierarchy. You have t...EasyQ03You have created a new GCP project using the Cloud Console. You want to deploy a Cloud Function u...EasyQ04Your startup has a strict monthly cloud budget of $500. You want to be notified immediately if yo...EasyQ05Your finance team wants to perform complex SQL analysis on your GCP billing data to understand co...MediumQ06You have just installed the Google Cloud SDK on your local machine. You want to authenticate, set...Medium