Configuring access and security Questions
Practice questions for the Configuring access and security topic in Google Cloud Associate Cloud Engineer. 46 questions covering this domain.
An operator must create a VM that runs as a service account and later impersonate that same service account from a laptop by using gcloud. Which permi...
A GKE workload must authenticate as a Google Cloud service account from inside the cluster without using long-lived keys. Which role is designed for t...
Which role lets a principal attach a service account to a resource, but does not let the principal use --impersonate-service-account?
Which role allows a principal to create short-lived credentials for a service account and use the gcloud --impersonate-service-account flag?
A service needs only short-lived OIDC ID tokens for a service account and no access tokens or signing permissions. Which role should be granted?
An analyst needs to read objects and list bucket contents, but must not modify data. Which Cloud Storage role is the best fit?
A new custom VPC network has no explicit firewall rules. What is the default behavior?
A security team wants firewall rules to follow VM identity and be harder for instance admins to alter casually by editing metadata. Which targeting me...
Which IAM role type should generally not be used in production because it is highly permissive?
A contractor must upload objects to a bucket but must not be able to view, delete, or overwrite existing objects. Which role is the best fit?
A regulated team needs every administrative API call against a project to be reviewed in a tamper-evident, retained log even if a project owner tries ...
Which Google Cloud service securely stores and manages secrets such as API keys and passwords?
A developer must allow a Cloud Run service to read messages from a Pub/Sub subscription. Which IAM grant is the most appropriate?
Which IAM concept binds a principal to a role on a specific resource?
An IAM policy must reflect that a single role applies to many users at once with simplified administration when employees join or leave. Which approac...
A developer must call a Google Cloud API from code running on a Compute Engine VM without managing key files. Which authentication mechanism should be...
An administrator must periodically rotate a customer-managed Cloud KMS key that protects data in Cloud Storage. Which capability supports this require...
An administrator must allow a developer to view objects in a single Cloud Storage bucket but not other buckets in the project. What is the most direct...
Which type of IAM principal represents a non-human service identity used by applications running on Google Cloud?
An organization must ensure that Cloud Storage data cannot be exfiltrated by service accounts whose credentials are stolen and used from outside the o...