Google Cloud Certified Associate Cloud Engineer Practice

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Google Cloud Certified Associate Cloud Engineer Exam with flashcards and multiple choice questions. Each question includes hints and explanations to help you study effectively. Get ready to pass your certification exam!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

You have several users who need access to some very specific Google Cloud functionality. You'd like to follow the principle of least privilege. What's the best way to ensure these users can list Cloud Storage buckets, list BigQuery jobs, and list compute disks?

  1. Add the users to the viewer role.

  2. Use the Cloud Storage Bucket Viewer, BigQuery Job User, and Compute User predefined roles.

  3. Create a custom role for this job role, add the required permissions, and add the users to the role.

  4. Add the users to a group, apply the Cloud Storage Bucket Viewer, BigQuery Job User, and Compute User predefined roles.

The correct answer is: Create a custom role for this job role, add the required permissions, and add the users to the role.

Using the predefined roles in B does not ensure least privilege as they may have excess permissions for other resources. Answer A only grants the Viewer role and does not include the required permissions. Answer D does not follow the principle of least privilege as the predefined roles have excess permissions. Therefore, creating a custom role in C is the best way to ensure that the specific users have the required permissions without excess access.

More Questions Like This