Domain 1.1: Setting up cloud projects and accounts — GCP ACE Practice Question 02

How to approach this question

Identify the exact permissions needed. Since predefined roles like Instance Admin include create/delete, a custom role is required. Then, apply best practices by assigning the role to a group.

Full Answer

Assign the Compute Instance Admin (v1) role and use a custom role if predefined roles are too broad, but specifically, you should assign the Compute Instance Admin (v1) role and restrict it, or use Compute Instance Admin.

When predefined roles do not meet your specific needs (in this case, needing start/stop/update but NOT create/delete), you should create a custom IAM role with the exact permissions required. Furthermore, Google Cloud best practices dictate that you should assign IAM roles to Google Groups rather than individual user accounts to simplify access management.

Common mistakes

Selecting predefined roles like Compute Instance Admin, which grants too many permissions (including create and delete).

Your development team needs to manage Compute Engine instances in a specific project. They need to be able to start, stop, and configure VMs, but they should not be able to create new VMs or delete existing ones.

Which TWO actions should you take to grant the appropriate access? (Select TWO)

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 6

More questions from this exam

Your development team needs to manage Compute Engine instances in a specific project. They need to be able to start, stop, and configure VMs, but they should not be able to create new VMs or delete existing ones. Which TWO actions should you take to grant the appropriate access? (Select TWO)

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 6

More questions from this exam

Your development team needs to manage Compute Engine instances in a specific project. They need to be able to start, stop, and configure VMs, but they should not be able to create new VMs or delete existing ones.

Which TWO actions should you take to grant the appropriate access? (Select TWO)