Configuring access Questions
Practice questions for Configuring access topic in Google Professional Cloud Security Engineer. 52 questions covering this domain.
Which IAM role type should generally be avoided in production because it is highly permissive and grants broad access across Google Cloud services?
A company wants a custom role for a folder-scoped administration task and includes a folder-specific permission. Which statement is correct?
A team needs an identity for an application running on Compute Engine to call Google Cloud APIs. Which identity type is designed for that workload?
What do IAM Recommender lateral movement insights help identify?
A company wants GitHub Actions to access Google Cloud without storing long-lived service account keys. Which approach best fits Google's recommendatio...
Which Access Context Manager access-level attribute is designed to restrict requests based on the properties of the requesting device?
A deleted service account is recreated later with the same email address. What happens to the old IAM bindings that referenced the original account?
A security team creates a workload identity pool for many external identities. What is the recommended way to keep access narrow?
IAM Recommender uses aggregated permission usage from roughly what recent period when identifying excess access?
If you grant an allow policy binding on a folder, what happens to child projects and resources under that folder?
A security engineer needs a role that contains an exact user-specified list of supported permissions. Which IAM role type should be used?
A principal must impersonate a service account to obtain short-lived credentials. Which IAM role is specifically used for that capability?
Which statement about service accounts is correct in Google Cloud IAM?
A principal is granted roles/viewer at the project level and roles/editor at a specific resource within the same project. Which access does the princi...
Which IAM feature allows you to set conditions on role bindings so that access is only granted when specific attributes, such as resource type or requ...
A security engineer is configuring an Identity-Aware Proxy policy for an internal web application hosted on a Google Cloud VM. Users authenticate succ...
Which tool does Google Cloud provide to help organizations identify over-privileged principals by analyzing actual permission usage and recommending a...
Which type of service account is created automatically by Google Cloud when certain services are enabled and is not managed by the customer?
A company wants to prevent any principal from escalating their permissions by granting themselves or others additional IAM roles in a production proje...
An organization uses VPC Service Controls to protect its BigQuery data. A Data Science team in the same organization needs to query data using a Jupyt...
Sign in to see all 52 questions
Create a free account to browse all questions — completely free during our launch phase.