Bash, the Crucial Exams Chat Bot
AI Bot
Identity and Access Management (GCP PCSE) Flashcards
GCP Professional Cloud Security Engineer Flashcards
Study our Identity and Access Management (GCP PCSE) flashcards for the GCP Professional Cloud Security Engineer exam with 25+ flashcards. View as flashcards, a searchable table, or as a fun matching game.
| Front | Back |
| How can you allow all authenticated Google users to access a GCP resource? | Assign the special member allAuthenticatedUsers to the resource. |
| How do you grant temporary permissions to a user in GCP? | Use the principle of IAM Conditions to apply permissions for a limited time. |
| How do you prevent accidental deletion of a service account in GCP? | Enable deletion protection by default when creating the service account. |
| How do you test a custom role’s permissions in GCP? | Use the Policy Troubleshooter or the Test Permissions API. |
| What are the three main types of IAM members in GCP? | Google accounts, service accounts, and Google groups. |
| What does a service account represent in GCP? | A special Google account used by applications or services to authenticate and access GCP resources. |
| What happens if you delete a service account in GCP? | Any resources relying on that service account will lose access, potentially breaking functionality. |
| What is a policy hierarchy in GCP IAM? | A structure where policies are inherited from the higher-level resource (organization > folder > project > resource). |
| What is a role in GCP IAM? | A collection of permissions that define what actions a member can take on a resource. |
| What is an organization policy in GCP? | A policy used for centralized management and control of resources across the organization. |
| What is the default behavior of a service account created in GCP? | It has no permissions unless explicitly granted. |
| What is the difference between a primitive role and a predefined role in GCP? | Primitive roles are basic roles (Owner, Editor, Viewer), while predefined roles are more granular roles created by Google. |
| What is the difference between a user-managed and a Google-managed service account? | User-managed accounts are created and managed by users, while Google-managed accounts are automatically created and managed by GCP services. |
| What is the difference between predefined roles and custom roles in GCP? | Predefined roles are managed by Google with specific permissions, while custom roles are user-created with tailored permissions. |
| What is the function of the IAM policy in GCP? | It binds one or more members to a role for a specific resource. |
| What is the function of workload identity in GCP? | It allows Kubernetes workloads to securely use GCP service accounts without private keys. |
| What is the principle of "deny always overrides allow" in GCP IAM? | If a policy explicitly denies access, it overrides any “allow” policies. |
| What is the principle of least privilege in IAM? | Granting only the minimum permissions necessary to perform a task. |
| What is the purpose of Access Transparency in GCP? | To provide visibility into the actions performed by Google administrators on your resources. |
| What is the purpose of an access scope for a VM in GCP? | To limit the OAuth scopes of the VM's service account. |
| What is the purpose of Identity and Access Management (IAM) in GCP? | To define policies that manage access to resources in GCP securely. |
| What is the purpose of the IAM Policy Simulator? | To simulate and test the impact of potential policy changes without applying them. |
| What is the role of the Cloud Identity service in GCP? | It manages user accounts and authentication for GCP resources. |
| What logging service can be used to track IAM changes in GCP? | Cloud Audit Logs. |
| What type of account is commonly used by applications to authenticate themselves to GCP services? | Service accounts. |
About the Flashcards
Flashcards for the GCP Professional Cloud Security Engineer exam help you master Google Cloud Platform Identity and Access Management concepts essential for securing resources. Each card reviews how IAM policies, roles, and the policy hierarchy govern who can do what within organizations, folders, projects, and individual resources.
Use the deck to quickly recall differences between primitive, predefined, and custom roles; understand service accounts, workload identity, and Cloud Identity; and apply best practices like least privilege, conditional access, audit logging, and deletion protection. The concise Q&A format reinforces key terminology and troubleshooting tools so you can answer exam questions with confidence.
Topics covered in this flashcard deck:
- IAM roles & policies
- Service accounts
- Policy hierarchy
- Least privilege & conditions
- Audit & transparency
- Workload identity