GCP Professional Cloud Architect Practice Question

CheapCorp's resource hierarchy is Organization → Folder "Prod" → Project "acme-prod". IAM policies are configured as follows: (1) the organization has no bindings for alice; (2) on the Prod folder, alice is granted roles/storage.objectAdmin, and an IAM deny policy explicitly denies the permission storage.objects.delete for alice; (3) on the project, alice is granted roles/storage.objectViewer; (4) the bucket inside the project has no additional bindings. When Alice executes gsutil rm gs://reports-prod/payroll.csv, what is the outcome of the policy evaluation?

  • The request succeeds because roles/storage.objectAdmin at the folder grants delete and overrides the deny that is set at the same level.

  • The request is denied because roles/storage.objectViewer does not include delete and higher-level roles are not evaluated during access checks.

  • The request succeeds because bucket permissions inherit only from the project, and there is no deny defined at the project level.

  • The request is denied because the explicit deny on storage.objects.delete at the folder overrides the allow granted by roles/storage.objectAdmin.

GCP Professional Cloud Architect
Designing for security and compliance