Google Cloud Certified Associate Cloud Engineer Practice

Prepare for the Google Cloud Certified Associate Cloud Engineer Exam. Engage with interactive quizzes and detailed explanations tailored to help you master key concepts. Ensure you're ready for a successful career in the cloud computing industry!


You have several users who need access to some very specific Google Cloud functionality. You'd like to follow the principle of least privilege. What's the best way to ensure these users can list Cloud Storage buckets, list BigQuery jobs, and list compute disks?

  1. Add the users to the viewer role.

  2. Use the Cloud Storage Bucket Viewer, BigQuery Job User, and Compute User predefined roles.

  3. Create a custom role for this job role, add the required permissions, and add the users to the role.

  4. Add the users to a group, apply the Cloud Storage Bucket Viewer, BigQuery Job User, and Compute User predefined roles.

The correct answer is: Create a custom role for this job role, add the required permissions, and add the users to the role.

Using the predefined roles in option 2 does not ensure least privilege, as they may have excess permissions for other resources. Option 1 only grants the Viewer role and does not include the required permissions. Option 4 does not follow the principle of least privilege, as the predefined roles have excess permissions. Therefore, creating a custom role, as in option 3, is the best way to ensure that the specific users have the required permissions without excess access.