ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 5.1: Managing Identity and Access Management (IAM)IAMGoogle GroupsBest PracticesSecurity

GCP ACE · Question 42 · Domain 5.1: Managing Identity and Access Management (IAM)

Your company has a team of 50 data scientists who all need the 'BigQuery Data Viewer' role on a specific project. Team members frequently join and leave the company.

What is the MOST efficient and secure way to manage these IAM assignments?

Answer options:

A.

Assign the role to each data scientist's individual Google account in the IAM console.

B.

Create a Service Account, assign the role to it, and share the Service Account JSON key with the team.

C.

Create a Google Group, add the data scientists to the group, and assign the 'BigQuery Data Viewer' role to the Google Group.

D.

Assign the 'BigQuery Data Viewer' role to the 'allAuthenticatedUsers' special identifier.

How to approach this question

Identify the best practice for managing permissions for multiple users at scale.

Full Answer

C.Create a Google Group, add the data scientists to the group, and assign the 'BigQuery Data Viewer' role to the Google Group.✓ Correct
The best practice for managing IAM roles for multiple users who share the same job function is to use Google Groups. You create a group (e.g., data-scientists@company.com), add the users to the group, and then assign the necessary IAM roles to the group itself. When a new person joins, you simply add them to the group, and they automatically inherit the permissions. This drastically reduces administrative overhead and prevents orphaned permissions when people leave.

Common mistakes

Choosing to assign roles individually, which works but is not 'efficient', or sharing service account keys, which is a major security violation.
41All questions43

Practice the full GCP Associate Cloud Engineer Practice Exam 6

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01What is the primary purpose of a Google Cloud project?EasyQ02Your development team needs to manage Compute Engine instances in a specific project. They need t...MediumQ03You are automating the setup of a new Google Cloud project using a bash script. You need to enabl...EasyQ04Your startup has a strict monthly cloud budget of $500. You want to be notified immediately if yo...MediumQ05Your finance team wants to perform granular analysis of your Google Cloud spending using SQL. The...Hard
View all 50 questions →