
Identity and Access Management (GCP PCSE) Flashcards

GCP Professional Cloud Security Engineer Flashcards

| Front | Back |
| --- | --- |
| How can you allow all authenticated Google users to access a GCP resource? | Assign the special member allAuthenticatedUsers to the resource. |
| How do you grant temporary permissions to a user in GCP? | Use the principle of IAM Conditions to apply permissions for a limited time. |
| How do you prevent accidental deletion of a service account in GCP? | Enable deletion protection by default when creating the service account. |
| How do you test a custom role’s permissions in GCP? | Use the Policy Troubleshooter or the Test Permissions API. |
| What are the three main types of IAM members in GCP? | Google accounts, service accounts, and Google groups. |
| What does a service account represent in GCP? | A special Google account used by applications or services to authenticate and access GCP resources. |
| What happens if you delete a service account in GCP? | Any resources relying on that service account will lose access, potentially breaking functionality. |
| What is a policy hierarchy in GCP IAM? | A structure where policies are inherited from the higher-level resource (organization > folder > project > resource). |
| What is a role in GCP IAM? | A collection of permissions that define what actions a member can take on a resource. |
| What is an organization policy in GCP? | A policy used for centralized management and control of resources across the organization. |
| What is the default behavior of a service account created in GCP? | It has no permissions unless explicitly granted. |
| What is the difference between a primitive role and a predefined role in GCP? | Primitive roles are basic roles (Owner, Editor, Viewer), while predefined roles are more granular roles created by Google. |
| What is the difference between a user-managed and a Google-managed service account? | User-managed accounts are created and managed by users, while Google-managed accounts are automatically created and managed by GCP services. |
| What is the difference between predefined roles and custom roles in GCP? | Predefined roles are managed by Google with specific permissions, while custom roles are user-created with tailored permissions. |
| What is the function of the IAM policy in GCP? | It binds one or more members to a role for a specific resource. |
| What is the function of workload identity in GCP? | It allows Kubernetes workloads to securely use GCP service accounts without private keys. |
| What is the principle of "deny always overrides allow" in GCP IAM? | If a policy explicitly denies access, it overrides any “allow” policies. |
| What is the principle of least privilege in IAM? | Granting only the minimum permissions necessary to perform a task. |
| What is the purpose of Access Transparency in GCP? | To provide visibility into the actions performed by Google administrators on your resources. |
| What is the purpose of an access scope for a VM in GCP? | To limit the OAuth scopes of the VM's service account. |
| What is the purpose of Identity and Access Management (IAM) in GCP? | To define policies that manage access to resources in GCP securely. |
| What is the purpose of the IAM Policy Simulator? | To simulate and test the impact of potential policy changes without applying them. |
| What is the role of the Cloud Identity service in GCP? | It manages user accounts and authentication for GCP resources. |
| What logging service can be used to track IAM changes in GCP? | Cloud Audit Logs. |
| What type of account is commonly used by applications to authenticate themselves to GCP services? | Service accounts. |
This deck covers topics related to managing users, service accounts, roles, and permissions in GCP to ensure proper access control and security practices.