Identity and Access Management (GCP PCSE) Flashcards
GCP Professional Cloud Security Engineer Flashcards
| Front | Back |
| --- | --- |
| How can you allow all authenticated Google users to access a GCP resource? | Assign the special member allAuthenticatedUsers to the resource. |
| How do you grant temporary permissions to a user in GCP? | Use the principle of IAM Conditions to apply permissions for a limited time. |
| How do you prevent accidental deletion of a service account in GCP? | Enable deletion protection by default when creating the service account. |
| How do you test a custom role’s permissions in GCP? | Use the Policy Troubleshooter or the Test Permissions API. |
| What are the three main types of IAM members in GCP? | Google accounts, service accounts, and Google groups. |
| What does a service account represent in GCP? | A special Google account used by applications or services to authenticate and access GCP resources. |
| What happens if you delete a service account in GCP? | Any resources relying on that service account will lose access, potentially breaking functionality. |
| What is a policy hierarchy in GCP IAM? | A structure where policies are inherited from the higher-level resource (organization > folder > project > resource). |
| What is a role in GCP IAM? | A collection of permissions that define what actions a member can take on a resource. |
| What is an organization policy in GCP? | A policy used for centralized management and control of resources across the organization. |
| What is the default behavior of a service account created in GCP? | It has no permissions unless explicitly granted. |
| What is the difference between a primitive role and a predefined role in GCP? | Primitive roles are basic roles (Owner, Editor, Viewer), while predefined roles are more granular roles created by Google. |
| What is the difference between a user-managed and a Google-managed service account? | User-managed accounts are created and managed by users, while Google-managed accounts are automatically created and managed by GCP services. |
| What is the difference between predefined roles and custom roles in GCP? | Predefined roles are managed by Google with specific permissions, while custom roles are user-created with tailored permissions. |
| What is the function of the IAM policy in GCP? | It binds one or more members to a role for a specific resource. |
| What is the function of workload identity in GCP? | It allows Kubernetes workloads to securely use GCP service accounts without private keys. |
| What is the principle of "deny always overrides allow" in GCP IAM? | If a policy explicitly denies access, it overrides any “allow” policies. |
| What is the principle of least privilege in IAM? | Granting only the minimum permissions necessary to perform a task. |
| What is the purpose of Access Transparency in GCP? | To provide visibility into the actions performed by Google administrators on your resources. |
| What is the purpose of an access scope for a VM in GCP? | To limit the OAuth scopes of the VM's service account. |
| What is the purpose of Identity and Access Management (IAM) in GCP? | To define policies that manage access to resources in GCP securely. |
| What is the purpose of the IAM Policy Simulator? | To simulate and test the impact of potential policy changes without applying them. |
| What is the role of the Cloud Identity service in GCP? | It manages user accounts and authentication for GCP resources. |
| What logging service can be used to track IAM changes in GCP? | Cloud Audit Logs. |
| What type of account is commonly used by applications to authenticate themselves to GCP services? | Service accounts. |
This deck covers topics related to managing users, service accounts, roles, and permissions in GCP to ensure proper access control and security practices.