ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 1.1: Setting up cloud projects and accountsDomain 1IAMApp Engine

GCP ACE · Question 02 · Domain 1.1: Setting up cloud projects and accounts

A developer on your team needs to manage App Engine applications, including deploying new versions and splitting traffic. However, they should not be able to create Compute Engine instances or manage Cloud Storage buckets.

Which predefined IAM role should you assign to this developer?

Answer options:

A.

App Engine Admin

B.

App Engine Deployer

C.

Project Editor

D.

App Engine Creator

How to approach this question

Evaluate the requirements: full App Engine management (deploy + traffic split) but no other services. Match this to the principle of least privilege.

Full Answer

A.App Engine Admin✓ Correct
App Engine Admin
The App Engine Admin role (roles/appengine.appAdmin) grants full read/write access to App Engine configurations and settings, allowing the user to deploy versions and split traffic. It adheres to the principle of least privilege by restricting access to only App Engine.

Common mistakes

Selecting Project Editor, which works but violates security best practices by granting too much access.
01All questions03

Practice the full GCP Associate Cloud Engineer Practice Exam 5

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01You are starting a new initiative and need to create a new Google Cloud project using the command...EasyQ03You have created a new Google Cloud project. You need to allow a specific group of developers to ...MediumQ04Which statement best describes the relationship between Google Cloud projects and billing accounts?EasyQ05Your company wants to be notified immediately in their Slack channel whenever their monthly Googl...MediumQ06You have just installed the Google Cloud SDK on your local workstation. You need to authenticate ...Medium
View all 50 questions →