ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 5.1: Managing Identity and Access Management (IAM)Domain 5IAMCustom Roles

GCP ACE · Question 43 · Domain 5.1: Managing Identity and Access Management (IAM)

You have reviewed all predefined IAM roles but cannot find one that exactly matches the specific set of permissions required by a custom internal application. You decide to create a Custom IAM Role.

Which TWO statements are true regarding Custom IAM Roles? (Select TWO)

Answer options:

A.

Custom roles can be created at the project or organization level

B.

Custom roles are not maintained by Google and will not automatically receive new permissions when new features are released

C.

Custom roles can be created at the folder level

D.

Custom roles are always free to use regardless of how many you create

E.

Custom roles automatically inherit permissions from primitive roles

How to approach this question

Understand the limitations and management overhead of Custom Roles compared to Predefined Roles.

Full Answer

Custom roles can be created at the project or organization level, Custom roles are not maintained by Google and will not automatically receive new permissions when new features are released
Custom IAM roles allow you to combine specific permissions. They can be created at the Project level or the Organization level (but NOT the folder level). A key operational difference is maintenance: Google automatically updates Predefined roles when new features/permissions are added to a service. Custom roles are not updated by Google; the customer is entirely responsible for maintaining them.

Common mistakes

Assuming custom roles can be created at the folder level, or assuming Google updates them automatically.
42All questions44

Practice the full GCP Associate Cloud Engineer Practice Exam 5

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01You are starting a new initiative and need to create a new Google Cloud project using the command...EasyQ02A developer on your team needs to manage App Engine applications, including deploying new version...MediumQ03You have created a new Google Cloud project. You need to allow a specific group of developers to ...MediumQ04Which statement best describes the relationship between Google Cloud projects and billing accounts?EasyQ05Your company wants to be notified immediately in their Slack channel whenever their monthly Googl...Medium
View all 50 questions →