Medium · 1 mark · Multiple Choice
GCP ACE · Question 43 · Domain 5.1: Managing Identity and Access Management
You need to grant a new team member access to manage Cloud SQL instances in a specific project. You want to follow the principle of least privilege. Which TWO actions should you take? (Select TWO)
Answer options:
A. Assign the role to their individual Google account or a Google Group they belong to.
B. Assign the roles/editor role.
C. Assign the roles/cloudsql.admin role.
D. Create a Service Account and share the JSON key with the team member.
E. Assign the role at the Organization level.
How to approach this question
Identify the correct identity type for a human user and the most restrictive predefined role for the task.
Full Answer
To follow the principle of least privilege, you should assign a predefined role specific to the service they need to manage (`roles/cloudsql.admin`). This role should be bound to their identity (user account or group) at the project level, not the organization level.
Common mistakes
Selecting the Editor role, which is a primitive role that grants too much access.