IAM and Access Management (GCP ACE) Flashcards
GCP Associate Cloud Engineer Flashcards
| Front | Back |
| --- | --- |
| How are IAM policies attached to resources? | IAM policies are attached directly to resources or inherited from parent resources in a hierarchy. |
| How can resources be protected with IAM Conditions? | IAM Conditions allow adding constraints based on attributes like IP address or resource tags to refine access. |
| How can specific API methods be restricted using IAM? | Permissions tied to API methods can be controlled by assigning roles with granular access permissions. |
| How can you audit IAM changes in Google Cloud? | By viewing the activity logs in Cloud Audit Logs. |
| How can you grant permissions at the organization level in IAM? | Assign roles to users or groups at the organization level. |
| How can you view the IAM permissions assigned to a specific role? | Use the `gcloud iam roles describe` command or inspect the role in the Google Cloud Console. |
| How do service accounts authenticate to Google Cloud? | Service accounts use key files or OAuth tokens to authenticate and interact with Google Cloud services. |
| How is access revocation managed in IAM? | Access is revoked by removing or updating roles assigned to a user, group, or service account. |
| What are the permissions required to create a custom IAM role? | The permissions include `iam.roles.create` and `iam.roles.update`. |
| What does a predefined role in IAM provide? | A set of permissions designed for a specific task or job. |
| What happens if a user has multiple roles across IAM policies? | The user receives all granted permissions from all roles combined. |
| What happens if a user’s IAM policy denies access but another policy at a higher level allows it? | The deny policy takes precedence, as deny overrides allow in Google Cloud IAM. |
| What happens if conflicting IAM policies are applied at different levels? | Deny policies at any level override allow policies, ensuring tight security. |
| What IAM feature helps to mitigate risks from excessive permissions? | The Principle of Least Privilege and IAM Recommender work to minimize permissions. |
| What is a custom role in IAM? | A user-defined role that allows you to define a tailored set of permissions. |
| What is a Google Cloud IAM role? | A collection of permissions that can be assigned to users, groups, or service accounts. |
| What is a Google Group's role in IAM? | Google Groups simplify role and policy management by assigning roles collectively to multiple users. |
| What is an IAM service account? | A special Google account used by applications or virtual machines to interact with Google Cloud. |
| What is role inheritance in IAM? | IAM roles are inherited downwards in the hierarchy, meaning child resources inherit IAM policies applied at parent resources. |
| What is the default role assigned to new service accounts created in Google Cloud? | The Editor role. |
| What is the difference between a group and a service account in IAM? | A group is used to manage users collectively, whereas a service account is used for applications or virtual machines. |
| What is the difference between an IAM role and an IAM policy? | An IAM role is a collection of permissions, while an IAM policy assigns roles to users or accounts at different resource levels. |
| What is the difference between default roles and predefined roles? | Default roles like Owner, Editor, and Viewer are legacy roles, while predefined roles are task-specific with finer granularity. |
| What is the difference between roles and permissions in IAM? | Roles are a set of permissions grouped together for easier assignment. |
| What is the effect of binding a role to 'allAuthenticatedUsers'? | This binding provides access to all users authenticated with a Google Account. |
| What is the hierarchy structure in Google Cloud for IAM policies? | Organization > Folder > Project > Resources. |
| What is the Identity-Aware Proxy (IAP) used for in Google Cloud IAM? | IAP secures access to applications running on Google Cloud by managing identity-based access levels. |
| What is the maximum number of custom roles that can be created per project? | 300 custom roles per project. |
| What is the primary purpose of IAM in Google Cloud? | To control and manage access to resources in Google Cloud. |
| What is the principle of least privilege in IAM? | Assigning the minimal set of permissions required for a user or service to perform its tasks. |
| What is the purpose of an IAM Condition in Google Cloud? | To define more granular access control by applying constraints to IAM policies. |
| What is the purpose of logging with Cloud Audit Logs in IAM? | Audit Logs track IAM policy changes and access attempts for accountability and compliance. |
| What is the purpose of organizational policies? | Organizational policies define constraints to enforce security or resource usage practices across the hierarchy. |
| What is the purpose of scopes when using service accounts with VM instances? | Scopes limit the permissions a service account has for resources accessed by the VM instance. |
| What is the purpose of the IAM Recommender in Google Cloud? | It provides recommendations to refine overly permissive roles and improve security. |
| What is the role of primitive roles in IAM? | They are legacy roles (Owner, Editor, Viewer) that provide broad access to resources. |
| What tool can be used to test and view IAM permissions for a user? | The IAM Policy Troubleshooter. |
| Which IAM role is restrictive and only allows viewing resources? | The Viewer role. |
| Which tool enables enforcement of organization-wide IAM practices? | The Organization Policy Service. |
This deck focuses on Google Cloud Identity and Access Management (IAM) roles, permissions, service accounts, and security practices.