Domain 3: Designing for Security and Compliance — GCP PCA Practice Question 25

How to approach this question

Identify the anti-pattern: Basic roles (Owner/Editor/Viewer) are too broad. The solution is to use Predefined roles that match the exact job function.

Full Answer

B.Remove the `roles/editor` role. Grant the developers the `roles/viewer` and `roles/compute.instanceAdmin.v1` predefined roles.✓ Correct

The `roles/editor` role is a legacy Basic role that grants broad modify access across almost all GCP services. Best practice dictates using Predefined roles to enforce least privilege. Combining `roles/viewer` (read-only across the project) with `roles/compute.instanceAdmin.v1` (full control over VMs) exactly meets the security team's requirements.

Common mistakes

Choosing Custom Roles (C). While custom roles work, they are an administrative burden. You should only create custom roles if no combination of predefined roles fits the need.

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 3

More questions from this exam