Medium · 1 mark · Multiple Choice

GCP ACE · Question 42 · Domain 5.1: Managing Identity and Access Management (IAM)

You need to grant a new auditor access to your Google Cloud project. The auditor needs to be able to list and view the configuration of all Compute Engine instances, but they must NOT be able to start, stop, or modify them. They also should not have access to view Cloud Storage data.

Which IAM role should you assign?

Answer options:

A. roles/compute.viewer

B. roles/compute.networkViewer

C. roles/viewer

D. roles/compute.admin

How to approach this question

Match the service (Compute Engine) and the access level (read-only) to the correct predefined role format.

Full Answer

A. roles/compute.viewer ✓ Correct
The `roles/compute.viewer` role provides read-only access to get and list Compute Engine resources. It does not allow modifications, and because it is a predefined role specific to Compute Engine, it does not grant access to other services like Cloud Storage. The primitive `roles/viewer` would grant too much access.

Common mistakes

Selecting `roles/viewer` (primitive role), which grants read access to everything, not just Compute Engine.
