Domain 5.1: Managing Identity and Access Management (IAM) — GCP ACE Practice Question 42

How to approach this question

Identify the IAM feature used when predefined roles do not meet exact requirements.

Full Answer

B.Create a Custom IAM role containing only the 'compute.instances.start' and 'compute.instances.stop' permissions.✓ Correct

When predefined roles do not meet your specific needs (either granting too much or too little access), you should create a Custom IAM role. Custom roles allow you to select the exact permissions (e.g., `compute.instances.start`) required, perfectly adhering to the principle of least privilege.

Common mistakes

Trying to use a predefined role that is 'close enough', which violates the strict security requirement stated in the prompt.

Your security team requires a specific IAM role that allows users to start and stop Compute Engine instances, but absolutely nothing else (no creating, no deleting, no viewing disks). You have checked the predefined roles and none match this exact requirement.

What should you do?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 7

More questions from this exam

Your security team requires a specific IAM role that allows users to start and stop Compute Engine instances, but absolutely nothing else (no creating, no deleting, no viewing disks). You have checked the predefined roles and none match this exact requirement. What should you do?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 7

More questions from this exam

Your security team requires a specific IAM role that allows users to start and stop Compute Engine instances, but absolutely nothing else (no creating, no deleting, no viewing disks). You have checked the predefined roles and none match this exact requirement.

What should you do?