Domain 5.1: Managing Identity and Access Management (IAM) — GCP ACE Practice Question 41

How to approach this question

Recall the fundamental security principle of IAM: Least Privilege.

Full Answer

A.Use predefined roles whenever possible to enforce the principle of least privilege.✓ Correct

Google Cloud strongly recommends using Predefined roles (e.g., `roles/compute.instanceAdmin`) over Primitive roles (Owner, Editor, Viewer). Primitive roles grant broad access across all services in a project, violating the principle of least privilege. Predefined roles provide granular access specific to individual services.

Common mistakes

Choosing primitive roles because they are 'easier' to assign, ignoring the security implications.

When configuring Identity and Access Management (IAM) in Google Cloud, what is the recommended best practice regarding the use of Primitive roles (Owner, Editor, Viewer) versus Predefined roles?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 5

More questions from this exam