ExpertEasy1 markMultiple Choice
GCP ACE · Question 41 · Domain 5.1: Managing Identity and Access Management (IAM)
You need to audit the IAM permissions for your GCP project. You want to view a list of all users, groups, and service accounts, along with the roles they have been granted at the project level.
Which gcloud command should you use?
You need to audit the IAM permissions for your GCP project. You want to view a list of all users, groups, and service accounts, along with the roles they have been granted at the project level.
Which gcloud command should you use?
Answer options:
A.
gcloud iam roles list
B.
gcloud projects get-iam-policy [PROJECT_ID]
C.
gcloud iam service-accounts list
D.
gcloud projects describe [PROJECT_ID]
How to approach this question
Identify the command used to retrieve the IAM policy (bindings) for a specific resource (the project).
Full Answer
B.gcloud projects get-iam-policy [PROJECT_ID]✓ Correct
gcloud projects get-iam-policy [PROJECT_ID]
In GCP, permissions are granted via IAM policies attached to resources. To see who has what access at the project level, you retrieve the project's IAM policy using `gcloud projects get-iam-policy [PROJECT_ID]`.
Common mistakes
Choosing `gcloud iam roles list`, which only shows what roles exist, not who is assigned to them.
Practice the full GCP Associate Cloud Engineer Practice Exam 3
50 questions · hints · full answers · grading
More questions from this exam
Q01You are starting a new project in Google Cloud and need to create a new GCP project and enable th...EasyQ02A new team member has joined your operations team. They need to be able to view all Compute Engin...MediumQ03Your company is migrating to Google Cloud. You currently manage all employee identities in an on-...MediumQ04Your development team is experimenting with new GCP services in a sandbox project. The finance te...MediumQ05Your company wants to perform complex, custom SQL analysis on their Google Cloud billing data to ...Easy