ExpertMinds LogoExpertMinds
Easy1 markMultiple Choice
Domain 5.1: Managing Identity and Access Management (IAM)IAMSecurityPrimitive RolesBest Practices

GCP ACE · Question 41 · Domain 5.1: Managing Identity and Access Management (IAM)

You are reviewing IAM roles in your Google Cloud project. You notice several users have the 'Editor' role. According to Google Cloud security best practices, why should you avoid using the 'Editor' role?

Answer options:

A.

It is a primitive role that grants broad permissions across almost all services in the project, violating the principle of least privilege.

B.

It allows users to modify IAM policies and add new users to the project.

C.

It is a deprecated role and will be removed by Google Cloud soon.

D.

It only grants access to Compute Engine, leaving other services inaccessible.

How to approach this question

Understand the difference between primitive roles and predefined roles in IAM.

Full Answer

A.It is a primitive role that grants broad permissions across almost all services in the project, violating the principle of least privilege.✓ Correct
The 'Editor' role is one of the three primitive roles (Viewer, Editor, Owner). It grants permissions to create, modify, and delete resources across almost all Google Cloud services in the project. Google strongly recommends using predefined roles (e.g., 'Compute Instance Admin') instead, as they provide granular access control adhering to the principle of least privilege.

Common mistakes

Believing Editor can change IAM policies. Only Owner (or roles like Security Admin) can change IAM policies.
40All questions42

Practice the full GCP Associate Cloud Engineer Practice Exam 7

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01You are starting a new initiative and need to create a new Google Cloud project using the Cloud S...EasyQ02Your company is migrating to Google Cloud and wants to manage user identities centrally. They cur...MediumQ03You have just created a new Google Cloud project and want to deploy a containerized application u...MediumQ04Your finance team wants to perform complex SQL queries on your Google Cloud billing data to analy...MediumQ05You are managing a development project in Google Cloud. You want to ensure that you are notified ...Easy
View all 50 questions →