Cloud Iam MCQ Questions and Answers

Mastering Cloud Iam is crucial for cloud certification success. This dedicated practice set features 148 Cloud Iam MCQ questions and answers designed to mirror real exam scenarios across various GCP certifications.

📝 148 Questions⏱️ 90 min🎯 Pass: 70%

About Cloud Iam Practice Questions

This detailed quiz focuses on Cloud Iam, covering key concepts and scenarios often found in GCP exams.

  • Comprehensive coverage of Cloud Iam features.
  • Scenario-based questions testing design and troubleshooting skills.
  • Detailed explanations to reinforce learning.

All 148 Cloud Iam Questions

Browse through the complete list of questions and answers below. Use this resource to review specific concepts or check your understanding of Cloud Iam.

1

What does Cloud IAM (Identity and Access Management) allow you to do?

Define who (identity) has what access (role) to which resource
Create new physical data centers
Manage the electricity bill for your company
Fix bugs in your application code
View Explanation
✓ Correct Answer: Define who (identity) has what access (role) to which resourceExplanation:IAM is the fundamental security service for Google Cloud.
2

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
3

In Cloud IAM, what is an 'Identity'?

An entity that can be granted access to resources (e.g., Google account, Service Account, or Group)
The name of the GCP project
A password
A type of physical ID card
View Explanation
✓ Correct Answer: An entity that can be granted access to resources (e.g., Google account, Service Account, or Group)Explanation:Identities are the 'who' in the IAM equation.
4

What is a 'Service Account' in Cloud IAM?

An identity used by applications or virtual machines to perform authorized API calls
A user account for Google support employees
A billing account
A temporary guest user
View Explanation
✓ Correct Answer: An identity used by applications or virtual machines to perform authorized API callsExplanation:Service accounts allow for non-human identities to interact with GCP services securely.
5

What is a 'Predefined Role' in Cloud IAM?

A role managed by Google that contains a set of permissions for a specific service (e.g., 'Storage Admin')
A role that the user creates themselves
A role that has no permissions
A role that is only for the CEO
View Explanation
✓ Correct Answer: A role managed by Google that contains a set of permissions for a specific service (e.g., 'Storage Admin')Explanation:Google provides many predefined roles so you don't have to manage individual permissions yourself.
6

What is the 'Principle of Least Privilege' in the context of IAM?

Granting only the minimum permissions required for a user to perform their job
Giving everyone admin access by default
Restricting access based on the person's age
Allowing access only from the Google office
View Explanation
✓ Correct Answer: Granting only the minimum permissions required for a user to perform their jobExplanation:Least privilege is a security best practice that reduces the 'blast radius' of a compromised account.
7

What is an 'IAM Policy'?

A collection of statements that bind one or more identities to a specific role
A legal contract with Google
The name of the security team
A list of IP addresses
View Explanation
✓ Correct Answer: A collection of statements that bind one or more identities to a specific roleExplanation:Policies are the actual objects that enforce access control.
8

Can you grant IAM permissions at the Folder or Organization level in Google Cloud?

Yes, and permissions are inherited down the resource hierarchy
No, they can only be granted at the project level
Only if you use a secondary billing account
Only for non-Google accounts
View Explanation
✓ Correct Answer: Yes, and permissions are inherited down the resource hierarchyExplanation:Hierarchical IAM allows for efficient management of permissions across many projects.
9

Which tool would you use to find out why a user was denied access to a specific resource?

Policy Troubleshooter
Cloud Billing report
GCP Search
BigQuery
View Explanation
✓ Correct Answer: Policy TroubleshooterExplanation:The Policy Troubleshooter helps diagnose complex IAM permission issues.
10

Are 'Custom Roles' supported in Cloud IAM?

Yes, you can create a unique set of permissions if the predefined roles don't meet your needs
No, you must use what Google provides
Only for the Organization Admin
Only in the 'us-east1' region
View Explanation
✓ Correct Answer: Yes, you can create a unique set of permissions if the predefined roles don't meet your needsExplanation:Custom roles provide the ultimate flexibility but require more management effort.
11

Which IAM role is required to create and manage service accounts in a Google Cloud project?

Service Account Admin
Project Viewer
Compute Admin
Storage Admin
View Explanation
✓ Correct Answer: Service Account AdminExplanation:The Service Account Admin role provides the necessary permissions for SA lifecycle management.
12

What is the best practice for granting permissions in Google Cloud?

Grant the collaborator the least privilege needed to perform their task
Always grant the Owner role to avoid permission errors
Use individual user accounts instead of groups
Share the same password with the whole team
View Explanation
✓ Correct Answer: Grant the collaborator the least privilege needed to perform their taskExplanation:Least privilege is the cornerstone of cloud security.
13

Which IAM entity is a special type of account used by an application or a virtual machine to make authorized API calls?

Service Account
Google Group
G Suite User
Cloud Identity Account
View Explanation
✓ Correct Answer: Service AccountExplanation:Service accounts represent non-human identities.
14

In Google Cloud IAM, what is a 'Predefined Role'?

A role created and maintained by Google that provides granular permissions for a specific service (e.g., Storage Object Viewer)
A role that gives full access to the entire project
A role created by the user
A temporary role that expires in 24 hours
View Explanation
✓ Correct Answer: A role created and maintained by Google that provides granular permissions for a specific service (e.g., Storage Object Viewer)Explanation:Predefined roles are the recommended way to follow the principle of least privilege.
15

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
16

Which IAM identity type is intended for non-human users, such as applications or virtual machines, to authenticate with Google Cloud APIs?

Service Account
Google Group
Cloud Identity User
Customer-managed key
View Explanation
✓ Correct Answer: Service AccountExplanation:Service accounts allow for secure machine-to-machine communication without sharing user passwords.
17

How can an administrator grant a developer permission to create VMs in Project A but only view logs in Project B?

Apply separate IAM policies at the Project level for each project
Assign a single role at the Organization level
Create a custom role that works across both
Use a Shared VPC
View Explanation
✓ Correct Answer: Apply separate IAM policies at the Project level for each projectExplanation:IAM policies are resource-specific and can be applied at different levels of the resource hierarchy.
18

What is the 'Principle of Least Privilege' in the context of IAM?

Granting only the minimum permissions necessary for a user or service to perform its intended job
Giving everyone 'Owner' access to avoid permission errors
Allowing users to choose their own permissions
Only giving access to the cheapest services
View Explanation
✓ Correct Answer: Granting only the minimum permissions necessary for a user or service to perform its intended jobExplanation:Least privilege is a fundamental security best practice to reduce the blast radius of a compromised account.
19

Which 'Primitive Role' provides full control over all resources in a project, including the ability to manage IAM policies?

Owner
Editor
Viewer
Browser
View Explanation
✓ Correct Answer: OwnerExplanation:Owner is the most powerful primitive role and should be used sparingly.
20

What is a 'Custom Role' in Google Cloud IAM?

A user-defined role that combines multiple individual permissions to meet specific organizational needs
A role that has a custom name but predefined permissions
A role that can only be used by one person
A role that is automatically created for every new project
View Explanation
✓ Correct Answer: A user-defined role that combines multiple individual permissions to meet specific organizational needsExplanation:Custom roles provide the ultimate granularity but require more maintenance than predefined roles.
21

Which tool can an administrator use to audit and troubleshoot IAM permissions to see exactly why a user was denied access to a resource?

Policy Troubleshooter
Cloud Logging
Cloud Asset Inventory
Cloud Shell
View Explanation
✓ Correct Answer: Policy TroubleshooterExplanation:Policy Troubleshooter analyzes the IAM policy hierarchy to explain an access result.
22

Can IAM policies be applied at the 'Folder' level in the Google Cloud resource hierarchy?

Yes, and the permissions are inherited by all projects and sub-folders within that folder
No, only at project and organization levels
Only if using Cloud Identity Premium
Only for some services
View Explanation
✓ Correct Answer: Yes, and the permissions are inherited by all projects and sub-folders within that folderExplanation:Folders are a great way to group related projects and apply common security policies.
23

What is the purpose of 'IAM Conditions'?

To grant access only when specific attributes are met, such as the date/time or the resource's name
To force users to accept a terms of service
To check the health of the VM before granting access
To limit the number of users in a role
View Explanation
✓ Correct Answer: To grant access only when specific attributes are met, such as the date/time or the resource's nameExplanation:Conditions allow for time-bound access or context-aware security policies.
24

What is the role of an 'Asset' in Google Cloud Asset Inventory?

A point-in-time snapshot of GCP resource metadata for auditing and compliance
A physical server
A user's password
A bucket name
View Explanation
✓ Correct Answer: A point-in-time snapshot of GCP resource metadata for auditing and complianceExplanation:Asset Inventory provides a searchable history of resource states.
25

Which feature of GCP identifies unused resources and provides recommendations to save money?

Active Assist (Recommender)
Cloud Monitoring
IAM
Budget Alert
View Explanation
✓ Correct Answer: Active Assist (Recommender)Explanation:Recommender finds cost-saving opportunities automatically.
26

What is 'Labeling' used for in GCP resources?

For cost tracking, organization, and filtering resources in the console or CLI
To encrypt the resource
To set the region
To define the firewall rule
View Explanation
✓ Correct Answer: For cost tracking, organization, and filtering resources in the console or CLIExplanation:Labels are key-value pairs for metadata management.
27

Which feature of GCP allows you to connect your on-premises Active Directory to Google Cloud IAM?

Google Cloud Directory Sync (GCDS)
VPC Peering
Cloud VPN
Identity Platform
View Explanation
✓ Correct Answer: Google Cloud Directory Sync (GCDS)Explanation:GCDS synchronizes AD users and groups to GCP.
28

How do you manage multiple GCP projects from a single organizational hierarchy?

GCP Organization Resource
Billing Account
Cloud Identity
Shared VPC
View Explanation
✓ Correct Answer: GCP Organization ResourceExplanation:The Organization resource is the root node of the hierarchy.
29

What is 'Identity-Aware Proxy' (IAP) primarily used for?

Securely access cloud-hosted applications and VMs without a VPN by verifying identity and context
Accelerate global traffic
Filter malicious URLs
Encrypt cloud storage
View Explanation
✓ Correct Answer: Securely access cloud-hosted applications and VMs without a VPN by verifying identity and contextExplanation:IAP provides zero-trust access control.
30

To improve security and reduce cost, you want to identify all Service Accounts in your organization that have not been used for the last 90 days. Which tool provide this information?

Active Assist (Recommender)
Cloud IAM Policy Troubleshooter
IAM Audit Logs
Cloud Asset Inventory
View Explanation
✓ Correct Answer: Active Assist (Recommender)Explanation:The Recommender (part of Active Assist) specifically provides insights into unused service accounts and over-privileged roles to help with least-privilege security.
31

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
32

A financial services client needs to ensure that their cloud-based application is compliant with residency requirements that specify data must never leave the European Union. How can they enforce this at the organization level?

Resource Location Restriction (Organization Policy)
VPC Service Controls
Manual IAM audits
Encryption with EU-based keys
View Explanation
✓ Correct Answer: Resource Location Restriction (Organization Policy)Explanation:The Resource Location Restriction organization policy constraint allows administrators to explicitly define which regions resources can be created in, ensuring data residency compliance.
33

An organization is migrating their on-premises identity system to GCP. They want to ensure that all their employees can use their existing enterprise credentials to log in to the Google Cloud Console. Which tool is necessary?

Cloud Identity with Google Cloud Directory Sync (GCDS)
VPC Network Peering
IAM roles
Cloud Interconnect
View Explanation
✓ Correct Answer: Cloud Identity with Google Cloud Directory Sync (GCDS)Explanation:GCDS (plus optional SAML/OIDC federation) is the foundational tool for synchronizing enterprise identities to Google Cloud.
34

A company wants to analyze their GCP spend across different business departments. They have labeled each project with a 'department' tag. What is the most effective way to produce these reports?

Export Billing data to BigQuery and use Looker for visualization
Manual CSV exports from the console
Use the IAM Activity report
Create a separate billing account for each department
View Explanation
✓ Correct Answer: Export Billing data to BigQuery and use Looker for visualizationExplanation:Exporting Cloud Billing data to BigQuery allows for deep, multi-dimensional analysis using resource labels to group costs by department, environment, or team.
35

An organization following zero-trust principles wants to allow employees to access internal GCP resources only if they are using a company-managed device with an active antivirus and are located in a specific country. Which GCP service enables this context-aware access?

BeyondCorp Enterprise / Context-Aware Access
Cloud VPN
VPC Firewall Rules
Identity-Aware Proxy (IAP) only
View Explanation
✓ Correct Answer: BeyondCorp Enterprise / Context-Aware AccessExplanation:BeyondCorp Enterprise (built with Context-Aware Access and IAP) allows for fine-grained, identity- and context-based access control to applications and infrastructure without a traditional VPN.
36

A SaaS provider wants to ensure that all customer data is stored in the region where the customer is located to comply with local laws. They manage hundreds of GCP projects. How can they enforce this at scale?

Resource Location Restriction (Organization Policy) applied at the folder level for each customer
Manual checks of every resource
Setting a default region in gcloud for all developers
Using one multi-regional bucket for all customers
View Explanation
✓ Correct Answer: Resource Location Restriction (Organization Policy) applied at the folder level for each customerExplanation:Organization Policies can be applied hierarchically (Organization, Folder, or Project). Applying location restrictions at the folder level allows for per-customer geographic compliance.
37

Scenario: To improve security, an architect wants to ensure that all VMs in a production VPC must use a specific Service Account and that 'default' service accounts are never used. How can this be enforced?

Organization Policy with 'Disable Service Account Creation' and 'Disable Default Service Account Usage' (Constraint)
Remove the 'Compute Admin' role
VPC Firewall rules
IAM Audit Logs
View Explanation
✓ Correct Answer: Organization Policy with 'Disable Service Account Creation' and 'Disable Default Service Account Usage' (Constraint)Explanation:Organization Policy constraints can be used to disable the automatic creation and usage of default service accounts, forcing developers to use custom service accounts.
38

A security auditor needs to view the effective IAM permissions of a specific user across all projects in the organization. Which tool provides a way to search for 'Who has what access' across the entire resource hierarchy?

IAM Policy Analyzer (part of Cloud Asset Inventory)
IAM Policy Troubleshooter
Activity API
Cloud Logging
View Explanation
✓ Correct Answer: IAM Policy Analyzer (part of Cloud Asset Inventory)Explanation:Policy Analyzer (formerly IAM Recommender/Search) allows you to perform complex queries across the organization to determine resource access.
39

An organization following the 'Least Privilege' principle wants to restrict all developers from creating new GCP projects. How should they implement this organizational control?

Use an Organization Policy constraint 'Disable Project Creation'
Remove the 'Owner' role from developers at the organization level
Manually delete projects as they are created
Disable the Billing account
View Explanation
✓ Correct Answer: Use an Organization Policy constraint 'Disable Project Creation'Explanation:The Organization Policy Service provides a specific constraint (constraints/resourcemanager.projectCreatorers) that can be set to an empty list to disable self-service project creation.
40

A global conglomerate wants to manage their GCP infrastructure using Terraform but wants to ensure that no developer can bypass the Terraform process and make manual changes in the console. How should they approach this?

Only grant 'Owner' or 'Editor' roles to the Terraform Service Account; all humans get 'Viewer' roles
Delete the console access for all users
Use VPC Service Controls
Enable 'Drift Detection' only
View Explanation
✓ Correct Answer: Only grant 'Owner' or 'Editor' roles to the Terraform Service Account; all humans get 'Viewer' rolesExplanation:The 'Principle of Least Privilege' applied to people (humans) vs automated service accounts is the core of infrastructure-as-code governance.
41

An organization wants to centralize the management of all their GCP projects and enforce strict constraints on which APIs can be enabled in their environment. Where is the best place to apply these 'Organization Policies'?

Organization Node (top level of the hierarchy)
Individual Project level
Billing Account level
IAM User level
View Explanation
✓ Correct Answer: Organization Node (top level of the hierarchy)Explanation:Organization Policies applied at the top-level node (Organization) are inherited by all folders and projects in the hierarchy, ensuring consistent governance across the entire company.
42

An organization wants to ensure that no developer can create a VM with a public IP address. How can they enforce this at the organization level?

Organization Policy constraint 'Define allowed external IPs for VM instances' set to none
IAM role 'Compute Network Viewer' only
VPC Firewall Egress rules
Cloud NAT
View Explanation
✓ Correct Answer: Organization Policy constraint 'Define allowed external IPs for VM instances' set to noneExplanation:The 'Define allowed external IPs for VM instances' organization policy constraint can restrict external IP assignments to specific VMs or block them entirely.
43

Your organization is running several projects in a single GCP project. You want to ensure that Project A cannot access the VPC of Project B. What is the fundamental way to achieve this isolation?

Use separate GCP projects (Isolation by Project)
Use different subnets in the same VPC
Use Firewall rules
Use Shared VPC
View Explanation
✓ Correct Answer: Use separate GCP projects (Isolation by Project)Explanation:In GCP, projects are the primary unit of isolation. Resources (like VPCs) in different projects are completely isolated unless explicitly linked via Peering or Shared VPC.
44

Your organization is audit-heavy. You need to provide a report of all IAM policy changes (e.g., who granted what role to whom) across the entire organization over the last 6 months. Where should you look?

Cloud Audit Logs (Admin Activity)
Activity API
IAM Policy Troubleshooter
Billing Reports
View Explanation
✓ Correct Answer: Cloud Audit Logs (Admin Activity)Explanation:Admin Activity audit logs record all administrative actions, including IAM policy changes, and are retained for 400 days by default.
45

An organization following the 'Principle of Least Privilege' noticed that many developers have the 'Editor' role at the project level. They want to find a more granular set of permissions that better matches actual usage. Which tool automatically provides these recommendations?

IAM Recommender
Policy Troubleshooter
Policy Analyzer
Activity API
View Explanation
✓ Correct Answer: IAM RecommenderExplanation:The IAM Recommender analyzes actual permission usage over the last 90 days and suggests removing unused permissions or switching to more specific, narrower roles.
46

How can you ensure that your Google Cloud organization is protected from an 'account takeover' of a super-administrator user?

Enforce 2-Step Verification (MFA) via Cloud Identity
Use complex passwords
Rotate passwords every 30 days
Limit the number of administrators to one
View Explanation
✓ Correct Answer: Enforce 2-Step Verification (MFA) via Cloud IdentityExplanation:MFA is the single most effective control for preventing unauthorized access via stolen credentials.
47

Your organization wants to implement 'Service Account Impersonation' to allow highly privileged scripts to run without developers having direct access to the service account's private keys. Which IAM role is required to allow a user to impersonate a service account?

Service Account Token Creator
Service Account User
Service Account Admin
Project Editor
View Explanation
✓ Correct Answer: Service Account Token CreatorExplanation:The 'Service Account Token Creator' role allows a principal to impersonate a service account to create OAuth2 tokens, sign blobs, or sign JWTs, providing a more secure way to manage non-human identities.
48

An organization wants to analyze their cloud usage to identify resources that were created more than 3 months ago but have had zero activity. Which Active Assist component should they consult?

Idle Resource Recommender
Cost Optimizer
Managed Service Registry
Cloud Asset Inventory Search
View Explanation
✓ Correct Answer: Idle Resource RecommenderExplanation:The Idle Resource Recommender identifies resources like unused IP addresses, idle VMs, and unattached disks to help organizations reduce waste and lower costs.
49

Which feature of the Google Cloud Resource Manager allows you to group several projects together so that they can all inherit the same set of IAM permissions and Organization Policies?

Folders
Organization Nodes
Labels
VPC networks
View Explanation
✓ Correct Answer: FoldersExplanation:Folders provide an additional level of grouping between the Organization node and individual projects, enabling hierarchical policy management.
50

How can you securely provide temporary administrative access to a specific GCP project for a 3rd-party auditor without granting them long-term roles or needing to manage their credentials?

IAM Conditions (with an expiration timestamp)
Sharing a service account key
Creating a temporary Google group
Using a project lien
View Explanation
✓ Correct Answer: IAM Conditions (with an expiration timestamp)Explanation:IAM Conditions allow you to specify an 'end time' for a role grant. Once the timestamp is reached, the user automatically loses their permissions without manual intervention.
51

How can you analyze the 'Effective Policy' for a resource in GCP, taking into account all inherited permissions from the organization and folders?

Policy Analyzer (Cloud Asset Inventory)
IAM dashboard
Activity API
Cloud Billing report
View Explanation
✓ Correct Answer: Policy Analyzer (Cloud Asset Inventory)Explanation:The Policy Analyzer performs a full calculation of the IAM hierarchy to show exactly who has access to a specific resource, reflecting all inherited roles.
52

Your company is adopting a microservices architecture. They want to ensure that each service has its own dedicated identity and can only access the specific Google Cloud resources it needs. What is the key mechanism?

Assign a unique Service Account to each service
Use a single 'Master' service account for all services
Use the 'default' Compute Engine service account
Use individual user accounts for each service
View Explanation
✓ Correct Answer: Assign a unique Service Account to each serviceExplanation:Using dedicated service accounts per workload is a fundamental security best practice for enforcing the 'Principle of Least Privilege'.
53

An organization wants to ensure that all their employees can access their internal GCP dashboards only while they are connected to the corporate office network. Which tool can enforce this IP-based restriction?

Identity-Aware Proxy (IAP) with Access Levels (Context-Aware Access)
VPC Firewall Rules
Cloud VPN
Cloud Armor
View Explanation
✓ Correct Answer: Identity-Aware Proxy (IAP) with Access Levels (Context-Aware Access)Explanation:Context-Aware Access (built into IAP) allows you to define granular access policies based on the user's IP address, device state, and other context.
54

Which GCP service provides a managed way to run 'Zero-Trust' remote access to on-premises web applications without a VPN?

Identity-Aware Proxy (IAP) with the On-Premises Connector
Cloud VPN
Dedicated Interconnect
Cloud NAT
View Explanation
✓ Correct Answer: Identity-Aware Proxy (IAP) with the On-Premises ConnectorExplanation:IAP can be extended to on-premises apps using a small connector (proxy) that facilitates secure communication from Google's edge to the internal app.
55

An organization wants to analyze the cost of their Google Cloud resources in real-time. They want a solution that scales with their data and allows them to perform complex ad-hoc queries on several years of historical billing data. What should they do?

Export Billing data to BigQuery
Use the Billing dashboard in the console
Export to a CSV file every day
Use Cloud Monitoring
View Explanation
✓ Correct Answer: Export Billing data to BigQueryExplanation:BigQuery is the ideal destination for large-scale billing analysis, allowing for sophisticated cost attribution and trend identification.
56

Your company is acquiring another firm that uses Azure Active Directory (Azure AD). You want to allow their employees to log in to the Google Cloud Console using their existing Azure AD credentials. Which solution is recommended?

Identity Federation (Workforce Identity Federation) using SAML or OIDC
Creating manual accounts for every new employee in Cloud Identity
Setting up a Site-to-Site VPN
Using Shared VPC
View Explanation
✓ Correct Answer: Identity Federation (Workforce Identity Federation) using SAML or OIDCExplanation:Workforce Identity Federation allows you to use an external identity provider (IdP) to authenticate users to Google Cloud, eliminating the need to sync identities into Cloud Identity.
57

An organization wants to analyze their GCP spend and identify 'orphaned' resources (e.g., GCE instances with no network activity). Which tool provides these automated cost-saving recommendations?

Active Assist (Recommender)
Cloud Billing reports
IAM Policy Analyzer
Cloud Logging
View Explanation
✓ Correct Answer: Active Assist (Recommender)Explanation:The Recommender API (Active Assist) specifically identifies unused or underutilized resources to help optimize costs and efficiency.
58

An organization following the 'Zero Trust' model wants to ensure that employees can only access the GCP Console from their company-issued laptops. Which GCP feature enables this device-based access control?

BeyondCorp Enterprise / Endpoint Verification
VPC Firewall rules
Cloud VPN
Identity Platform
View Explanation
✓ Correct Answer: BeyondCorp Enterprise / Endpoint VerificationExplanation:Endpoint Verification (part of BeyondCorp Enterprise) provides device-level context to Access Levels, allowing you to restrict access based on device health and ownership.
59

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Use Google Compute Engine instance profiles
Create long-term access keys for each developer
Share full administrative credentials
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
60

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
Share access keys between accounts
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
61

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Use Google Compute Engine instance profiles
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
62

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Cloud IAM Roles with cross-account access
Create duplicate users in both accounts
Share access keys between accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
63

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
64

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
65

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Share full administrative credentials
Create long-term access keys for each developer
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
66

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
67

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
68

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Create duplicate users in both accounts
Cloud IAM Roles with cross-account access
Cloud IAM Users with Multi-Factor Authentication
Share access keys between accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
69

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Share full administrative credentials
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
70

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
71

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Share full administrative credentials
Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
72

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Share access keys between accounts
Cloud IAM Roles with cross-account access
Create duplicate users in both accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
73

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
74

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
75

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Use Google Compute Engine instance profiles
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
76

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
77

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
78

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
79

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Use Google Compute Engine instance profiles
Create long-term access keys for each developer
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
80

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
Cloud IAM Roles with cross-account access
Share access keys between accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
81

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
Share full administrative credentials
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
82

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
Share access keys between accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
83

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Use Google Compute Engine instance profiles
Create long-term access keys for each developer
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
84

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
85

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Use Google Compute Engine instance profiles
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
86

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Cloud IAM Users with Multi-Factor Authentication
Share access keys between accounts
Create duplicate users in both accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
87

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
88

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
Share access keys between accounts
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
89

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
90

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Share access keys between accounts
Cloud IAM Roles with cross-account access
Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
91

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
92

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
93

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
94

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
95

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Use Google Compute Engine instance profiles
Share full administrative credentials
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
96

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Cloud IAM Roles with cross-account access
Share access keys between accounts
Create duplicate users in both accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
97

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Use Google Compute Engine instance profiles
Create long-term access keys for each developer
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
98

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
99

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Share full administrative credentials
Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
100

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
101

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Use Google Compute Engine instance profiles
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
102

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Roles with cross-account access
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
103

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Create long-term access keys for each developer
Share full administrative credentials
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
104

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Cloud IAM Roles with cross-account access
Create duplicate users in both accounts
Share access keys between accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
105

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Create long-term access keys for each developer
Share full administrative credentials
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
106

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
107

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Share full administrative credentials
Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
108

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Share access keys between accounts
Cloud IAM Roles with cross-account access
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
109

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Use Google Compute Engine instance profiles
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
110

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
111

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
112

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
113

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Use Google Compute Engine instance profiles
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
114

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
115

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Use Google Compute Engine instance profiles
Create long-term access keys for each developer
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
116

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
117

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
118

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
119

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
120

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
Cloud IAM Roles with cross-account access
Share access keys between accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
121

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
122

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
123

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Share full administrative credentials
Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
124

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
125

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
126

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
127

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Share full administrative credentials
Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
128

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
129

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Use Google Compute Engine instance profiles
Create long-term access keys for each developer
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
130

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Share access keys between accounts
Cloud IAM Roles with cross-account access
Create duplicate users in both accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
131

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Share full administrative credentials
Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
132

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
133

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
134

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
135

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
136

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
137

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Use Google Compute Engine instance profiles
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
138

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Roles with cross-account access
Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
139

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
140

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Create duplicate users in both accounts
Cloud IAM Roles with cross-account access
Share access keys between accounts
Cloud IAM Users with Multi-Factor Authentication
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
141

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Use Google Compute Engine instance profiles
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Create long-term access keys for each developer
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
142

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
Cloud IAM Roles with cross-account access
Share access keys between accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
143

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
Create long-term access keys for each developer
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
144

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Share access keys between accounts
Create duplicate users in both accounts
Cloud IAM Users with Multi-Factor Authentication
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
145

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Use Google Compute Engine instance profiles
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Share full administrative credentials
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
146

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
Share access keys between accounts
Cloud IAM Roles with cross-account access
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.
147

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

Create long-term access keys for each developer
Share full administrative credentials
Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a group
Use Google Compute Engine instance profiles
View Explanation
✓ Correct Answer: Create an Cloud IAM policy with Google Cloud Storage read permissions and attach it to a groupExplanation:Cloud IAM allows you to define granular permissions. Attaching policies to groups follows the principle of least privilege and simplifies management.
148

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What Cloud IAM feature should you use?

Share access keys between accounts
Cloud IAM Roles with cross-account access
Cloud IAM Users with Multi-Factor Authentication
Create duplicate users in both accounts
View Explanation
✓ Correct Answer: Cloud IAM Roles with cross-account accessExplanation:Cloud IAM Roles allow secure cross-account access without sharing long term credentials. Users can assume roles temporarily.