An administrator needs to let an operations engineer start and stop Compute Engine VM instances in the prod-project. They try to update the project's IAM policy with the following YAML snippet:
gcloud projects set-iam-policy returns an "invalid argument" error. Which statement best explains why this binding is rejected?
Fine-grained permissions can only be applied after the user receives the legacy Editor role, which is missing in the binding.
The permissions are written with dot notation; IAM requires snake_case identifiers in the role field, causing the command to fail.
Start and stop permissions are resource-specific and can only be granted on each VM instance, not at the project level, so the project-level binding fails.
IAM bindings can reference only a single role name; you must grant a predefined or custom role that contains the start and stop permissions instead of listing permissions directly.
An IAM policy binding always maps one or more principals to a single role identifier such as roles/compute.instanceAdmin.v1 or a custom role that you create. A role is a collection of permissions; individual permissions like compute.instances.start and compute.instances.stop cannot appear directly in the role field. To meet the requirement, create or reuse a role that contains only those permissions and bind that role to the user. The other options describe limitations that do not exist: start/stop permissions can be granted at the project level, IAM permissions are written with dotted notation, and basic roles such as Editor are not prerequisites for fine-grained access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an IAM policy binding in GCP?
Open an interactive chat with Bash
How do roles and permissions work in GCP IAM?
Open an interactive chat with Bash
What is the difference between predefined roles and custom roles in GCP IAM?
Open an interactive chat with Bash
What is an IAM policy binding in GCP?
Open an interactive chat with Bash
Why does the YAML snippet fail when specifying multiple permissions directly in the role field?
Open an interactive chat with Bash
How can you create a custom role to grant specific permissions in GCP?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Configuring access and security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .