Identity and Access Management (GCP PCA) Flashcards
GCP Professional Cloud Architect Flashcards
| Front | Back |
| --- | --- |
| Can you assign multiple roles to a single member in GCP? | Yes, a single member can be bound to multiple roles, each granting its own set of permissions. |
| How are IAM policies structured? | They consist of bindings with members and roles, defining access control for resources. |
| How can conflict in IAM bindings occur? | If multiple roles or policies grant overlapping or conflicting permissions to the same user. |
| How can IAM help ensure compliance in GCP environments? | By providing audit logs, conditional access, and granular permission settings to secure and monitor resource access. |
| How can you grant temporary access in GCP IAM? | By using conditional bindings or predefined short-lived credentials through access tokens. |
| How can you restrict access at a higher level in the resource hierarchy? | By applying stricter IAM policies at the organization or folder level, which will cascade down to lower resources. |
| How do you revoke access in GCP IAM? | By removing the IAM policy binding for a specific member or role from a resource. |
| How does GCP enforce resource-level IAM policies? | By inheriting policies through the resource hierarchy, starting from the organization level down to individual resources. |
| How does GCP handle audit logging for IAM? | GCP automatically tracks changes and access attempts via Logs Explorer under Admin Activity and Data Access logs. |
| How often should you rotate service account keys in GCP? | Regularly rotate keys as a security best practice to minimize exposure in case of compromise. |
| What are conditional role bindings in GCP? | Bindings that apply only under specific conditions, such as time-based access or IP address restrictions for accessing resources. |
| What are IAM policy bindings? | The relationship that associates a list of members to a specific role. |
| What are primitive roles in GCP? | Basic roles that are Owner, Editor, and Viewer, offering broad access to resources. |
| What are service accounts used for in GCP? | To provide identities for applications, virtual machines, or other services to access GCP resources securely. |
| What are the limitations of the Owner role in GCP IAM? | The Owner role provides extensive permissions that may risk violating the principle of least privilege if overused. |
| What are the potential members in an IAM binding? | Users, groups, service accounts, or domains. |
| What are the risks of using the default Compute Engine service account? | It often has broad permissions which may lead to excessive access if not customized or restricted. |
| What are the three types of IAM roles in GCP? | Primitive, predefined, and custom roles. |
| What best practice should be followed when assigning roles in GCP IAM? | Always assign roles with the principle of least privilege and consider using predefined roles where applicable. |
| What does a Service Account Key provide? | It provides a private key file for applications to authenticate as a service account programmatically. |
| What happens if a resource has no IAM policy applied? | The resource inherits the IAM policy from its parent in the resource hierarchy. |
| What is a common use case for using service accounts in GCP? | To allow applications or virtual machines to authenticate securely and access specific resources systematically. |
| What is a policy hierarchy in GCP IAM? | Policies are inherited from the organization down to folders, projects, and individual resources. |
| What is a predefined policy condition? | A condition that specifies when a role binding should take effect based on attributes such as time or resource. |
| What is a predefined role? | A role created by Google with a specific set of permissions tailored to a specific GCP service. |
| What is a role in GCP IAM? | A collection of permissions that can be assigned to users, groups, or service accounts to control access to resources. |
| What is an IAM policy in GCP? | A document that specifies bindings of roles to members to control access to resources. |
| What is IAM recommendation in GCP? | A feature that suggests optimizations and least privilege adjustments for your IAM roles. |
| What is the difference between organization policies and IAM policies in GCP? | Organization policies control resource behaviors, while IAM policies define permissions and access to resources. |
| What is the difference between predefined roles and custom roles in GCP IAM? | Predefined roles are created by Google for specific services with a fixed set of permissions while custom roles are created by users to define specific permissions tailored to their needs. |
| What is the difference between user accounts and service accounts? | User accounts represent individuals, while service accounts represent non-human identities like applications or VMs. |
| What is the principle of least privilege in IAM? | Granting only the minimal permissions necessary for a user or service to perform its task. |
| What is the purpose of IAM in GCP? | To securely manage access to Cloud resources by defining who has what access using roles and policies. |
| What is the purpose of the Google IAM API? | To centrally manage access control for GCP resources programmatically, including setting and querying IAM policies. |
| What is the purpose of the IAM Recommender in GCP? | To analyze permissions granted to members and recommend adjustments to follow the principle of least privilege. |
| What is the role of the Editor in primitive roles? | The Editor role allows full read/write access to resources except for managing permissions. |
| What is the role of the Owner in primitive roles? | The Owner role has full control over all resources, including the ability to change permissions. |
| What is the significance of the Service Account User role? | It allows users to use a service account to act on behalf of it without managing the account itself directly. |
| What is the Viewer primitive role used for? | To provide read-only access to GCP resources. |
| Why use custom roles in GCP IAM? | To create roles that contain fine-grained, specific permissions customized to your organization's needs. |
This deck focuses on GCP IAM principles, roles, policies, service accounts, and best practices for managing access control securely.