Medium · 1 mark · Multiple Choice
Domain 5.1: Managing Identity and Access Management (IAM) · IAM · Custom Roles · Security · Resource Hierarchy

GCP ACE · Question 43 · Domain 5.1: Managing Identity and Access Management (IAM)

You are reviewing the IAM policies in your organization and realize that a predefined role grants slightly more permissions than your security team allows. You decide to create a Custom IAM role.

Which TWO statements are true regarding Custom IAM roles? (Select TWO)

Answer options:

A. Custom roles can be created at the Folder level.

B. Custom roles can be created at the Project or Organization level.

C. Google automatically updates your Custom roles with new permissions when new GCP services are released.

D. You are responsible for maintaining Custom roles and updating them if new permissions are required for a service.

E. Custom roles can include permissions that are not supported by any predefined roles.

How to approach this question

Understand the limitations and maintenance requirements of Custom roles. They are maintained manually and only exist at specific levels of the resource hierarchy.

Full Answer

Custom roles can be created at the Project or Organization level, and they are not automatically updated by Google when new features are released.
Custom IAM roles allow you to define a precise set of permissions to meet specific security requirements. However, they come with maintenance overhead. Unlike Predefined roles, which Google automatically updates when new features or services are released, Custom roles are static. You are responsible for maintaining them and adding new permissions if needed. Additionally, Custom roles can only be created at the Project or Organization level; they cannot be created at the Folder level.

Common mistakes

Assuming Google updates custom roles, or thinking they can be created at the Folder level.
