IAM and Access Management (GCP ACE) Flashcards
GCP Associate Cloud Engineer Flashcards
| Front | Back |
| --- | --- |
| How are IAM policies attached to resources? | IAM policies are attached directly to resources or inherited from parent resources in a hierarchy. |
| How can resources be protected with IAM Conditions? | IAM Conditions allow adding constraints based on attributes like IP address or resource tags to refine access. |
| How can specific API methods be restricted using IAM? | Permissions tied to API methods can be controlled by assigning roles with granular access permissions. |
| How can you audit IAM changes in Google Cloud? | By viewing the activity logs in Cloud Audit Logs. |
| How can you grant permissions at the organization level in IAM? | Assign roles to users or groups at the organization level. |
| How can you view the IAM permissions assigned to a specific role? | Use the `gcloud iam roles describe` command or inspect the role in the Google Cloud Console. |
| How do service accounts authenticate to Google Cloud? | Service accounts use key files or OAuth tokens to authenticate and interact with Google Cloud services. |
| How is access revocation managed in IAM? | Access is revoked by removing or updating roles assigned to a user, group, or service account. |
| What are the permissions required to create a custom IAM role? | The permissions include `iam.roles.create` and `iam.roles.update`. |
| What does a predefined role in IAM provide? | A set of permissions designed for a specific task or job. |
| What happens if a user has multiple roles across IAM policies? | The user receives all granted permissions from all roles combined. |
| What happens if a user’s IAM policy denies access but another policy at a higher level allows it? | The deny policy takes precedence, as deny overrides allow in Google Cloud IAM. |
| What happens if conflicting IAM policies are applied at different levels? | Deny policies at any level override allow policies, ensuring tight security. |
| What IAM feature helps to mitigate risks from excessive permissions? | The Principle of Least Privilege and IAM Recommender work to minimize permissions. |
| What is a custom role in IAM? | A user-defined role that allows you to define a tailored set of permissions. |
| What is a Google Cloud IAM role? | A collection of permissions that can be assigned to users, groups, or service accounts. |
| What is a Google Group's role in IAM? | Google Groups simplify role and policy management by assigning roles collectively to multiple users. |
| What is an IAM service account? | A special Google account used by applications or virtual machines to interact with Google Cloud. |
| What is role inheritance in IAM? | IAM roles are inherited downwards in the hierarchy, meaning child resources inherit IAM policies applied at parent resources. |
| What is the default role assigned to new service accounts created in Google Cloud? | The Editor role. |
| What is the difference between a group and a service account in IAM? | A group is used to manage users collectively, whereas a service account is used for applications or virtual machines. |
| What is the difference between an IAM role and an IAM policy? | An IAM role is a collection of permissions while an IAM policy assigns roles to users or accounts at different resource levels. |
| What is the difference between default roles and predefined roles? | Default roles like Owner, Editor, and Viewer are legacy roles while predefined roles are task-specific with finer granularity. |
| What is the difference between roles and permissions in IAM? | Roles are a set of permissions grouped together for easier assignment. |
| What is the effect of binding a role to 'allAuthenticatedUsers'? | This binding provides access to all users authenticated with a Google Account. |
| What is the hierarchy structure in Google Cloud for IAM policies? | Organization > Folder > Project > Resources. |
| What is the Identity-Aware Proxy (IAP) used for in Google Cloud IAM? | IAP secures access to applications running on Google Cloud by managing identity-based access levels. |
| What is the maximum number of custom roles that can be created per project? | 300 custom roles per project. |
| What is the primary purpose of IAM in Google Cloud? | To control and manage access to resources in Google Cloud. |
| What is the principle of least privilege in IAM? | Assigning the minimal set of permissions required for a user or service to perform its tasks. |
| What is the purpose of an IAM Condition in Google Cloud? | To define more granular access control by applying constraints to IAM policies. |
| What is the purpose of logging with Cloud Audit Logs in IAM? | Audit Logs track IAM policy changes and access attempts for accountability and compliance. |
| What is the purpose of organizational policies? | Organizational policies define constraints to enforce security or resource usage practices across the hierarchy. |
| What is the purpose of scopes when using service accounts with VM instances? | Scopes limit the permissions a service account has for resources accessed by the VM instance. |
| What is the purpose of the IAM Recommender in Google Cloud? | It provides recommendations to refine overly permissive roles and improve security. |
| What is the role of primitive roles in IAM? | They are legacy roles (Owner, Editor, Viewer) that provide broad access to resources. |
| What tool can be used to test and view IAM permissions for a user? | The IAM Policy Troubleshooter. |
| Which IAM role is restrictive and only allows viewing resources? | The Viewer role. |
| Which tool enables enforcement of organization-wide IAM practices? | The Organization Policy Service. |
This deck focuses on Google Cloud Identity and Access Management (IAM) roles, permissions, service accounts, and security practices.