You are establishing the IAM policies for a new GCP Organization. Which TWO practices align with Google Cloud IAM best practices? (Select TWO)

Answer options:

Assign IAM roles directly to individual user accounts.

Assign IAM roles to Google Groups, and add users to those groups.

Use the roles/editor basic role for all developers to ensure they have enough permissions.

Use Service Accounts for application-to-application authentication.

Download Service Account JSON keys and store them in your source code repository for easy access.

How to approach this question

Recall the fundamental rules of IAM: Groups over users, Service Accounts for apps, Predefined roles over Basic roles, never commit secrets.

Full Answer

B,D

Google Cloud IAM best practices dictate that you should manage human access via Google Groups (e.g., `dev-team@company.com`) rather than assigning roles to individual users. This makes auditing and offboarding much easier. For non-human access (applications, VMs, CI/CD pipelines), you should always use Service Accounts rather than user credentials.

Common mistakes

Assigning roles to individuals (A). While it works, it becomes an administrative nightmare in an enterprise environment.

Question 44 All questions Question 46

Practice the full GCP Professional Cloud Architect Practice Exam 3

50 questions · hints · full answers · grading

More questions from this exam

Q01**CASE STUDY: TechStream Gaming** **Company Overview:** TechStream Gaming is a global gaming com...Medium Q02**CASE STUDY: TechStream Gaming** **Company Overview:** TechStream Gaming is a global gaming com...Hard Q03**CASE STUDY: TechStream Gaming** **Company Overview:** TechStream Gaming is a global gaming com...Medium Q04**CASE STUDY: TechStream Gaming** **Company Overview:** TechStream Gaming is a global gaming com...Easy Q05**CASE STUDY: TechStream Gaming** **Company Overview:** TechStream Gaming is a global gaming com...Medium

View all 50 questions →