Crucial Exams

GCP Professional Cloud Security Engineer Practice Question

During a PCI compliance audit, your organization must prove that only authorized identities can start Compute Engine instances. You are asked to deliver, within hours, a single report that enumerates every principal who currently has the compute.instances.start permission in any project under the Payments folder, taking into account all inherited IAM bindings and custom roles. You cannot modify policies and want to avoid writing custom scripts. Which Policy Intelligence capability should you use to satisfy this requirement?

  • Run an access analysis on the Payments folder with Policy Analyzer and export the results.

  • Use IAM Recommender to generate least-privilege role suggestions for the Payments folder.

  • Review Access Approval logs to identify identities that requested Compute Engine start approvals.

  • Execute Policy Troubleshooter for each principal and aggregate the outcomes manually.

GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot