Easy · 1 mark · Multiple Choice

GCP ACE · Question 41 · Domain 5.1: Managing Identity and Access Management (IAM)

You are reviewing the IAM permissions for your project. You notice several users have the 'Editor' role.

Why does Google recommend using Predefined roles instead of Primitive roles (like Owner, Editor, Viewer)?

Answer options:

A. Primitive roles cost more to use than Predefined roles.

B. Predefined roles provide granular access control, adhering to the principle of least privilege.

C. Primitive roles cannot be assigned to Service Accounts.

D. Predefined roles automatically expire after 30 days.

How to approach this question

Understand the security benefits of granular IAM roles.

Full Answer

B. Predefined roles provide granular access control, adhering to the principle of least privilege. ✓ Correct
Primitive roles (Owner, Editor, Viewer) grant broad permissions across almost all GCP services in a project. Google strongly recommends using Predefined roles (e.g., `roles/compute.instanceAdmin`) because they offer granular, service-specific permissions, allowing you to enforce the principle of least privilege.

Common mistakes

Believing primitive roles have technical limitations (like not working with service accounts) rather than security implications.
