Medium · 1 mark · Multiple Choice
Domain 1.1: Setting up cloud projects and accounts · IAM · Custom Roles · Compute Engine · Best Practices

GCP ACE · Question 02 · Domain 1.1: Setting up cloud projects and accounts

Your development team needs to manage Compute Engine instances in a specific project. They need to be able to start, stop, and configure VMs, but they should not be able to create new VMs or delete existing ones.

Which TWO actions should you take to grant the appropriate access? (Select TWO)

Answer options:

A. Assign the roles/compute.instanceAdmin.v1 role to the development team's Google Group.

B. Create a custom IAM role with the compute.instances.start, compute.instances.stop, and compute.instances.update permissions.

C. Assign the custom IAM role to the development team's Google Group.

D. Assign the roles/editor primitive role to the development team.

E. Assign the roles/compute.networkAdmin role to the development team.

How to approach this question

Identify the exact permissions needed. Since predefined roles like Instance Admin include create/delete, a custom role is required. Then, apply best practices by assigning the role to a group.

Full Answer

When predefined roles do not meet your specific needs (in this case, needing start/stop/update but NOT create/delete), you should create a custom IAM role with the exact permissions required. Furthermore, Google Cloud best practices dictate that you should assign IAM roles to Google Groups rather than individual user accounts to simplify access management.

Common mistakes

Selecting a predefined role such as Compute Instance Admin, which grants too many permissions (including create and delete).
