Ace your certifications with Practice Exams and AI assistance.

Browse Exams
For Educators
Blog

Privacy Policy
Terms of Service
Cookie Policy
Support

AWS SAA Exam Prep
PMI PMP Exam Prep
CPA Exam Prep
GCP PCA Exam Prep

Practice GCP Associate Cloud Engineer (ACE)GCP Associate Cloud Engineer Practice Exam 2Question 40

Easy1 markMultiple Choice

Domain 5.1: Managing Identity and Access Management (IAM)IAMRolesSecurity

GCP ACE · Question 40 · Domain 5.1: Managing Identity and Access Management (IAM)

A new team member needs to be able to view all resources in a project, but should not be able to modify them. You want to follow the principle of least privilege.

Which IAM role should you assign?

Answer options:

The primitive 'Viewer' role.

The predefined 'roles/viewer' role.

The predefined 'roles/browser' role.

A custom role with 'get' and 'list' permissions for every service.

How to approach this question

Distinguish between primitive roles, predefined roles, and custom roles.

Full Answer

B.The predefined 'roles/viewer' role.✓ Correct

The predefined 'roles/viewer' role.

The predefined `roles/viewer` role grants read-only access to resources within a project. It is preferred over the legacy primitive `Viewer` role. The `roles/browser` role is too restrictive (only sees the project name), and a custom role is too difficult to maintain for general read access.

Common mistakes

Choosing the primitive Viewer role. GCP best practices strongly recommend using predefined roles (which start with `roles/`) over primitive roles.

Question 39 All questions Question 41

Practice the full GCP Associate Cloud Engineer Practice Exam 2

50 questions · hints · full answers · grading

More questions from this exam

Q01Your company is migrating to Google Cloud and needs to establish a resource hierarchy. You have t...Easy Q02You are managing access to a GCP project. You need to grant 15 developers the ability to view Com...Medium Q03You have created a new GCP project using the Cloud Console. You want to deploy a Cloud Function u...Easy Q04Your startup has a strict monthly cloud budget of $500. You want to be notified immediately if yo...Easy Q05Your finance team wants to perform complex SQL analysis on your GCP billing data to understand co...Medium

View all 50 questions →