Domain 5.1: Managing Identity and Access Management (IAM) — GCP ACE Practice Question 41

How to approach this question

Understand the difference between primitive roles and predefined roles in IAM.

Full Answer

A.It is a primitive role that grants broad permissions across almost all services in the project, violating the principle of least privilege.✓ Correct

It is a primitive role that grants broad permissions across almost all services in the project, violating the principle of least privilege.

The 'Editor' role is one of the three primitive roles (Viewer, Editor, Owner). It grants permissions to create, modify, and delete resources across almost all Google Cloud services in the project. Google strongly recommends using predefined roles (e.g., 'Compute Instance Admin') instead, as they provide granular access control adhering to the principle of least privilege.

Common mistakes

Believing Editor can change IAM policies. Only Owner (or roles like Security Admin) can change IAM policies.

You are reviewing IAM roles in your Google Cloud project. You notice several users have the 'Editor' role. According to Google Cloud security best practices, why should you avoid using the 'Editor' role?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 7

More questions from this exam