Identity and Access Management (GCP PCA) Flashcards
GCP Professional Cloud Architect Flashcards
| Front | Back |
| --- | --- |
| Can you assign multiple roles to a single member in GCP? | Yes, a single member can be bound to multiple roles, each granting its own set of permissions. |
| How are IAM policies structured? | They consist of bindings with members and roles, defining access control for resources. |
| How can a conflict in IAM bindings occur? | If multiple roles or policies grant overlapping or conflicting permissions to the same user. |
| How can IAM help ensure compliance in GCP environments? | By providing audit logs, conditional access, and granular permission settings to secure and monitor resource access. |
| How can you grant temporary access in GCP IAM? | By using conditional bindings or predefined short-lived credentials through access tokens. |
| How can you restrict access at a higher level in the resource hierarchy? | By applying stricter IAM policies at the organization or folder level, which will cascade down to lower resources. |
| How do you revoke access in GCP IAM? | By removing the IAM policy binding for a specific member or role from a resource. |
| How does GCP enforce resource-level IAM policies? | By inheriting policies through the resource hierarchy, starting from the organization level down to individual resources. |
| How does GCP handle audit logging for IAM? | GCP automatically tracks changes and access attempts via Logs Explorer under Admin Activity and Data Access logs. |
| How often should you rotate service account keys in GCP? | Regularly rotate keys as a security best practice to minimize exposure in case of compromise. |
| What are conditional role bindings in GCP? | Bindings that apply only under specific conditions, such as time-based access or IP address restrictions for accessing resources. |
| What are IAM policy bindings? | The relationship that associates a list of members to a specific role. |
| What are primitive roles in GCP? | Basic roles that are Owner, Editor, and Viewer, offering broad access to resources. |
| What are service accounts used for in GCP? | To provide identities for applications, virtual machines, or other services to access GCP resources securely. |
| What are the limitations of the Owner role in GCP IAM? | The Owner role provides extensive permissions that may risk violating the principle of least privilege if overused. |
| What are the potential members in an IAM binding? | Users, groups, service accounts, or domains. |
| What are the risks of using the default Compute Engine service account? | It often has broad permissions which may lead to excessive access if not customized or restricted. |
| What are the three types of IAM roles in GCP? | Primitive, predefined, and custom roles. |
| What best practice should be followed when assigning roles in GCP IAM? | Always assign roles with the principle of least privilege and consider using predefined roles where applicable. |
| What does a Service Account Key provide? | It provides a private key file for applications to authenticate as a service account programmatically. |
| What happens if a resource has no IAM policy applied? | The resource inherits the IAM policy from its parent in the resource hierarchy. |
| What is a common use case for using service accounts in GCP? | To allow applications or virtual machines to authenticate securely and access specific resources systematically. |
| What is a policy hierarchy in GCP IAM? | Policies are inherited from the organization down to folders, projects, and individual resources. |
| What is a predefined policy condition? | A condition that specifies when a role binding should take effect based on attributes such as time or resource. |
| What is a predefined role? | A role created by Google with a specific set of permissions tailored to a specific GCP service. |
| What is a role in GCP IAM? | A collection of permissions that can be assigned to users, groups, or service accounts to control access to resources. |
| What is an IAM policy in GCP? | A document that specifies bindings of roles to members to control access to resources. |
| What is IAM recommendation in GCP? | A feature that suggests optimizations and least privilege adjustments for your IAM roles. |
| What is the difference between organization policies and IAM policies in GCP? | Organization policies control resource behaviors, while IAM policies define permissions and access to resources. |
| What is the difference between predefined roles and custom roles in GCP IAM? | Predefined roles are created by Google for specific services with a fixed set of permissions, while custom roles are created by users to define specific permissions tailored to their needs. |
| What is the difference between user accounts and service accounts? | User accounts represent individuals, while service accounts represent non-human identities like applications or VMs. |
| What is the principle of least privilege in IAM? | Granting only the minimal permissions necessary for a user or service to perform its task. |
| What is the purpose of IAM in GCP? | To securely manage access to Cloud resources by defining who has what access using roles and policies. |
| What is the purpose of the Google IAM API? | To centrally manage access control for GCP resources programmatically, including setting and querying IAM policies. |
| What is the purpose of the IAM Recommender in GCP? | To analyze permissions granted to members and recommend adjustments to follow the principle of least privilege. |
| What is the role of the Editor in primitive roles? | The Editor role allows full read/write access to resources except for managing permissions. |
| What is the role of the Owner in primitive roles? | The Owner role has full control over all resources, including the ability to change permissions. |
| What is the significance of the Service Account User role? | It allows users to use a service account to act on its behalf without managing the account itself directly. |
| What is the Viewer primitive role used for? | To provide read-only access to GCP resources. |
| Why use custom roles in GCP IAM? | To create roles that contain fine-grained, specific permissions customized to your organization's needs. |
This deck focuses on GCP IAM principles, roles, policies, service accounts, and best practices for managing access control securely.