Domain 5.1: Managing Identity and Access Management (IAM) — GCP ACE Practice Question 43

How to approach this question

Understand the limitations and maintenance requirements of Custom Roles. They are manual and only exist at specific hierarchy levels.

Full Answer

Custom IAM roles allow you to define a precise set of permissions to meet specific security requirements. However, they come with maintenance overhead. Unlike Predefined roles, which Google automatically updates when new features or services are released, Custom roles are static. You are responsible for maintaining them and adding new permissions if needed. Additionally, Custom roles can only be created at the Project or Organization level; they cannot be created at the Folder level.

Common mistakes

Assuming Google updates custom roles, or thinking they can be created at the Folder level.

You are reviewing the IAM policies in your organization and realize that a predefined role grants slightly more permissions than your security team allows. You decide to create a Custom IAM role.

Which TWO statements are true regarding Custom IAM roles? (Select TWO)

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 6

More questions from this exam

You are reviewing the IAM policies in your organization and realize that a predefined role grants slightly more permissions than your security team allows. You decide to create a Custom IAM role. Which TWO statements are true regarding Custom IAM roles? (Select TWO)

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 6

More questions from this exam

You are reviewing the IAM policies in your organization and realize that a predefined role grants slightly more permissions than your security team allows. You decide to create a Custom IAM role.

Which TWO statements are true regarding Custom IAM roles? (Select TWO)