ExpertMedium1 markMultiple Choice
GCP ACE · Question 02 · Domain 1.1: Setting up cloud projects and accounts
A new team member has joined your operations team. They need to be able to view all Compute Engine instances, their configurations, and their current state across your project, but they should not be able to start, stop, or modify any instances.
Which predefined IAM role should you assign to this user?
A new team member has joined your operations team. They need to be able to view all Compute Engine instances, their configurations, and their current state across your project, but they should not be able to start, stop, or modify any instances.
Which predefined IAM role should you assign to this user?
Answer options:
A.
roles/compute.networkViewer
B.
roles/viewer
C.
roles/compute.viewer
D.
roles/compute.instanceAdmin.v1
How to approach this question
Apply the principle of least privilege. Look for a predefined role specific to the service (Compute Engine) and the action (viewing).
Full Answer
C.roles/compute.viewer✓ Correct
The `roles/compute.viewer` role grants permissions to list and get information about Compute Engine resources without granting permission to modify them. This adheres to the principle of least privilege.
Common mistakes
Selecting `roles/viewer` because it sounds correct, but it grants too much access across the entire project.
Practice the full GCP Associate Cloud Engineer Practice Exam 3
50 questions · hints · full answers · grading
More questions from this exam
Q01You are starting a new project in Google Cloud and need to create a new GCP project and enable th...EasyQ03Your company is migrating to Google Cloud. You currently manage all employee identities in an on-...MediumQ04Your development team is experimenting with new GCP services in a sandbox project. The finance te...MediumQ05Your company wants to perform complex, custom SQL analysis on their Google Cloud billing data to ...EasyQ06You have just installed the Google Cloud SDK on your local workstation. You need to authenticate ...Easy