You are designing the IAM hierarchy for a new GCP organization. Following Google's best practices for security and manageability, which THREE principles should you apply? (Select THREE)

Answer options:

Assign roles to Google Groups rather than individual users

Apply the principle of least privilege using predefined roles

Use Folders to group projects by department or environment

Grant the 'Owner' role to all senior developers

Use Custom Roles for every single permission to ensure maximum security

Apply all IAM policies directly at the resource level (e.g., individual VMs)

How to approach this question

Select the standard enterprise IAM best practices recommended by Google Cloud.

Full Answer

Google Cloud IAM best practices dictate: 1) Use Groups (so IT just adds/removes users from a group), 2) Use predefined roles for least privilege (avoiding the broad Basic roles like Editor/Owner), and 3) Use the Resource Hierarchy (Organization -> Folders -> Projects) to inherit policies cleanly.

Common mistakes

Choosing Custom Roles (E). While useful, they require manual maintenance when Google adds new features, so predefined roles are preferred.

Question 42 All questions Question 44

Practice the full GCP Professional Cloud Architect Practice Exam 5

50 questions · hints · full answers · grading

More questions from this exam

Q01CASE STUDY: TechStream Gaming Overview: Gaming company, 500 employees, $100M revenue. 200 on-prem...Hard Q02CASE STUDY: TechStream Gaming Overview: Gaming company, 500 employees, $100M revenue. 200 on-prem...Medium Q03CASE STUDY: TechStream Gaming Overview: Gaming company, 500 employees, $100M revenue. 200 on-prem...Medium Q04CASE STUDY: TechStream Gaming Overview: Gaming company, 500 employees, $100M revenue. 200 on-prem...Medium Q05CASE STUDY: TechStream Gaming Overview: Gaming company, 500 employees, $100M revenue. 200 on-prem...Easy

View all 50 questions →