ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 5.1: Managing Identity and Access Management (IAM)Domain 5.1IAMBest PracticesGoogle Groups

GCP ACE · Question 44 · Domain 5.1: Managing Identity and Access Management (IAM)

Your company has a team of 50 developers. They all need the roles/compute.instanceAdmin role in the 'dev-project'.

According to Google Cloud best practices, which TWO actions should you take to manage this access efficiently? (Select TWO)

Answer options:

A.

Assign the role to each developer's individual email address.

B.

Create a Google Group (e.g., developers@company.com) and add all 50 developers to the group.

C.

Assign the roles/compute.instanceAdmin role to the Google Group at the project level.

D.

Create a shared Service Account with the role and give all developers the password.

E.

Assign the 'Editor' primitive role to the group to ensure they have enough access.

How to approach this question

Identify the best practice for managing IAM for large teams.

Full Answer

Create a Google Group (e.g., developers@company.com) and add all 50 developers to the group., Assign the `roles/compute.instanceAdmin` role to the Google Group at the project level.
Google strongly recommends using Google Groups to manage IAM permissions for teams. You add users to the group, and assign the IAM role to the group. When a developer joins or leaves the company, you only update the group membership in Google Workspace/Cloud Identity; the GCP IAM policy remains unchanged.

Common mistakes

Assigning roles to individual users, which creates a maintenance nightmare.
43All questions45

Practice the full GCP Associate Cloud Engineer Practice Exam 4

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01You have recently joined a new team and need to set up a new Google Cloud project for a developme...EasyQ02Your company uses Google Workspace. You need to grant a new developer, Alice, the ability to view...MediumQ03You have created a new GCP project and want to deploy a Compute Engine instance. However, when yo...MediumQ04Your startup has a strict monthly cloud budget of $500. You want to be notified via email when yo...EasyQ05Your finance team wants to analyze Google Cloud costs using standard SQL and build custom dashboa...Medium
View all 50 questions →