Your operations team occasionally needs to manually start and stop development VM instances during off-hours incidents. They must not create, delete, or reconfigure any Compute Engine resources. Which IAM strategy best enforces the principle of least privilege for these engineers?
Grant the engineers both roles/compute.viewer and roles/iam.serviceAccountUser on the project.
Create a custom role containing only compute.instances.start and compute.instances.stop, then bind that role to the engineers on the project.
Make the engineers project Owners on the development project only.
Grant the engineers the predefined role roles/compute.instanceAdmin.v1 on the project.
The predefined role compute.instanceAdmin.v1 contains broad permissions such as compute.instances.create and compute.instances.delete, which exceed the requirement. Viewer roles do not include the ability to start or stop VMs, and basic Owner roles grant unrestricted access. The most restrictive solution is to create a custom role that includes only the specific permissions compute.instances.start and compute.instances.stop (and any additional monitoring permissions if required) and grant that custom role to the engineers on the project.
GCP Associate Cloud Engineer
Configuring access and security