GCP Professional Cloud Security Engineer Practice Question
A DevOps team maintains an automation script that provisions Google Cloud projects and sets up their initial IAM posture. As part of onboarding a new project, the script must create a Google Group named "proj-analytics-admins" inside the organization example.com, assign it the Project IAM role roles/owner on the new project, and ensure that rerunning the script does not create duplicate groups. Which gcloud command sequence best satisfies these requirements while remaining idempotent?
Use gcloud identity groups describe [email protected] --format="value(name)" || gcloud identity groups create [email protected] --organization="123456789" --display-name="Project Analytics Admins", then call gcloud projects add-iam-policy-binding PROJECT_ID --member="group:[email protected]" --role="roles/owner".
Execute a single gcloud resource-manager set-iam-policy command with an inline JSON policy that both creates the group and assigns roles/owner to it for the new project.
Run gcloud iam service-accounts create proj-analytics-admins --display-name="Project Analytics Admins" followed by gcloud projects set-iam-policy PROJECT_ID policy.json where the policy grants Owner to the new service account.
Invoke the Groups Settings API to create a group named [email protected] and then set the Owner role by updating the group's settings with an HTTP PATCH request.
The most reliable way to create or look up a Cloud Identity Group within an organization and avoid duplication is to first attempt to fetch the group by its email address; if it does not exist, create it. The gcloud identity groups describe command exits with a non-zero status when the group is absent, which a script can test to decide whether to call gcloud identity groups create. After ensuring the group exists, the script can bind the desired IAM role with gcloud projects add-iam-policy-binding. Using gcloud iam service-accounts commands is incorrect because they manage service accounts, not Google Groups. The Resource Manager set-iam-policy command requires crafting a policy file and overwrites existing bindings, reducing idempotency. The Groups Settings API manages configuration of an existing group's properties; it cannot create groups or set project-level IAM bindings.
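One way to script the describe-then-create sequence from the explanation, as an added example that is not part of the original question. The group address is assembled from the group name and domain given in the question, and the function names, the environment-variable defaults and the PROJECT_ID argument are assumptions.

```shell
#!/bin/sh
# Added example. Values are assumptions assembled from the question text.
GROUP_EMAIL="${GROUP_EMAIL:-proj-analytics-admins@example.com}"
ORG_ID="${ORG_ID:-123456789}"
DISPLAY_NAME="${DISPLAY_NAME:-Project Analytics Admins}"

# Exit 0 only when describe finds the group. A non-zero exit can also mean
# an auth or permission failure, so callers must not read it as proof of absence.
group_exists() {
  gcloud identity groups describe "$GROUP_EMAIL" \
    --format="value(name)" >/dev/null 2>&1
}

# Prints "exists" or "created"; returns 1 when the group cannot be confirmed.
ensure_group() {
  if group_exists; then
    echo "exists"; return 0
  fi
  if gcloud identity groups create "$GROUP_EMAIL" \
       --organization="$ORG_ID" \
       --display-name="$DISPLAY_NAME" >/dev/null 2>&1; then
    echo "created"; return 0
  fi
  # Create failed: a concurrent run may have created the group first.
  # Re-check once; if describe still fails, stop instead of binding blindly.
  if group_exists; then
    echo "exists"; return 0
  fi
  echo "error" >&2
  return 1
}

# add-iam-policy-binding merges into the current policy, so repeating it
# for the same member and role leaves one binding.
bind_owner() {
  gcloud projects add-iam-policy-binding "$1" \
    --member="group:${GROUP_EMAIL}" --role="roles/owner" >/dev/null
}

# Usage: onboard_project PROJECT_ID
onboard_project() {
  ensure_group >/dev/null || return 1
  bind_owner "$1"
}
```

Source the file and call `onboard_project PROJECT_ID` from the provisioning script; a non-zero return means the group could not be confirmed and no binding was attempted.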
GCP Professional Cloud Security Engineer
Configuring Access