In Google Cloud IAM, what is the fundamental difference between a primitive role (like Editor) and a predefined role (like Compute Instance Admin)?

Answer options:

Primitive roles can only be assigned to Service Accounts.

Primitive roles grant broad permissions across all services in a project, while predefined roles grant granular permissions for specific services.

Predefined roles are created by users, while primitive roles are created by Google.

Primitive roles are free, while predefined roles incur a monthly charge.

How to approach this question

Understand the IAM role hierarchy: Primitive (broad), Predefined (granular), Custom (user-defined).

Full Answer

B.Primitive roles grant broad permissions across all services in a project, while predefined roles grant granular permissions for specific services.✓ Correct

Primitive roles (Owner, Editor, Viewer) existed before IAM and grant broad access to almost all resources in a project. Predefined roles are created and maintained by Google and provide granular access to specific services (e.g., `roles/compute.instanceAdmin` only grants access to Compute Engine). Best practice is to use predefined roles.

Common mistakes

Confusing predefined roles with custom roles.

Question 40 All questions Question 42

Practice the full GCP Associate Cloud Engineer Practice Exam 1

50 questions · hints · full answers · grading

More questions from this exam

Q01What is the highest level of the Google Cloud resource hierarchy?Easy Q02You need to enable the Compute Engine API in a new project using the command line. Which command ...Easy Q03You are setting up a new GCP environment. You need to grant a group of developers access to view ...Medium Q04You want to receive an email notification when your GCP spending exceeds $1000 this month. What s...Easy Q05You need to analyze your GCP billing data using complex SQL queries to understand cost trends acr...Medium

View all 50 questions →