Easy · 1 mark · Multiple Choice

GCP ACE · Question 41 · Domain 5.1: Managing Identity and Access Management (IAM)

In Google Cloud Identity and Access Management (IAM), what is the primary difference between Primitive roles and Predefined roles?

Answer options:

A. Primitive roles can only be assigned to Service Accounts, while Predefined roles can be assigned to users.

B. Primitive roles (Owner, Editor, Viewer) offer broad, project-wide access across all services, while Predefined roles offer granular access tailored to specific services.

C. Predefined roles are created and managed by the customer, while Primitive roles are managed by Google.

D. Primitive roles incur a monthly billing charge, while Predefined roles are free.

How to approach this question

Understand the history and structure of IAM. Primitive roles are the old, broad roles. Predefined roles are the modern, specific roles.

Full Answer

B. Primitive roles (Owner, Editor, Viewer) offer broad, project-wide access across all services, while Predefined roles offer granular access tailored to specific services. ✓ Correct

Primitive roles (roles/viewer, roles/editor, roles/owner) are legacy roles that existed before IAM. They grant broad access to almost all resources in a project. For example, an Editor can modify VMs, Storage buckets, and databases. Predefined roles are managed by Google and provide granular, service-specific access (e.g., roles/compute.instanceAdmin). Google Cloud best practices strongly recommend using Predefined roles to enforce the principle of least privilege.

Common mistakes

Confusing Predefined roles with Custom roles. Predefined are made by Google; Custom are made by you.

Practice the full GCP Associate Cloud Engineer Practice Exam 6
