Easy · 1 mark · Multiple Choice

GCP ACE · Question 41 · Domain 5.1: Managing Identity and Access Management (IAM)

When configuring Identity and Access Management (IAM) in Google Cloud, what is the recommended best practice regarding the use of Primitive roles (Owner, Editor, Viewer) versus Predefined roles?

Answer options:

A. Use predefined roles whenever possible to enforce the principle of least privilege.

B. Use primitive roles for simplicity, as predefined roles are too complex to manage.

C. Always create custom roles instead of using predefined roles.

D. Assign primitive roles directly to users, and predefined roles to Google Groups.

How to approach this question

Recall the fundamental security principle of IAM: Least Privilege.

Full Answer

A. Use predefined roles whenever possible to enforce the principle of least privilege. ✓ Correct
Google Cloud strongly recommends using Predefined roles (e.g., `roles/compute.instanceAdmin`) over Primitive roles (Owner, Editor, Viewer). Primitive roles grant broad access across all services in a project, violating the principle of least privilege. Predefined roles provide granular access specific to individual services.

Common mistakes

Choosing primitive roles because they are 'easier' to assign, ignoring the security implications.
