Easy · 1 mark · Multiple Choice

GCP ACE · Question 43 · Domain 5.1: Managing Identity and Access Management (IAM)

Google Cloud strongly recommends avoiding the use of primitive IAM roles (Owner, Editor, Viewer) in production environments.

What is the primary reason for this recommendation?

Answer options:

A. Primitive roles incur additional billing charges.

B. Primitive roles grant broad access across all services in a project, violating the principle of least privilege.

C. Primitive roles cannot be assigned to Service Accounts.

D. Primitive roles are being deprecated and will be removed from GCP soon.

How to approach this question

Understand the difference in scope between primitive roles and predefined roles.

Full Answer

B. Primitive roles grant broad access across all services in a project, violating the principle of least privilege. ✓ Correct
Primitive roles (Owner, Editor, Viewer) are legacy roles that grant broad, project-wide access across almost all GCP services. Using them violates the principle of least privilege. Predefined roles (e.g., `roles/compute.viewer`) are much more granular and restrict access to specific services and actions.

Common mistakes

Believing primitive roles cannot be used with service accounts.
