Easy · 1 mark · Multiple Choice
Domain 5.2: Managing service accounts · Service Accounts · Compute Engine · IAM · Security

GCP ACE · Question 46 · Domain 5.2: Managing service accounts

When you create a new Compute Engine instance without specifying a service account, it automatically uses the Compute Engine default service account.

What primitive IAM role is granted to this default service account by default?

Answer options:

A. Viewer

B. Editor

C. Owner

D. Compute Instance Admin

How to approach this question

Recall the default permissions of the default compute service account.

Full Answer

B. Editor ✓ Correct

The Compute Engine default service account (`[PROJECT_NUMBER]-compute@developer.gserviceaccount.com`) is automatically created in your project and, by default, is granted the primitive `Editor` role. Because this grants broad access to modify almost any resource in the project, best practices dictate creating custom service accounts with least privilege instead of using the default one.

Common mistakes

Assuming Google defaults to least privilege (e.g., Viewer). Historically, to make things 'just work' for developers, the default was set to Editor.
