GCP Professional Cloud Security Engineer Practice Question
Your organization has hundreds of Google Cloud projects under a single Organization node. Corporate security analysts must be able to inventory and inspect the configuration details of every existing and future Compute Engine VM instance across the environment. They must not have permission to modify any resources, view non-Compute services, or access billing information. Which IAM design best meets these requirements while enforcing the principle of least privilege?
Bind the predefined role roles/viewer to the security analysts' group at the Organization level.
Bind the predefined role roles/compute.viewer to the security analysts' group at the Organization level.
Bind the predefined role roles/compute.admin to the security analysts' group at the Folder level that currently contains all projects.
Grant the security analysts' group roles/compute.viewer on each existing project and instruct project owners to add the binding when new projects are created.
The Compute Viewer role (roles/compute.viewer) grants read-only permissions limited to Compute Engine resources such as instances, disks, and images. Binding this role to the security analysts' group at the Organization node means the permission set automatically propagates to every current and future project, eliminating gaps caused by projects created later. Granting Viewer, Owner, or Compute Admin roles would either expose broader services or confer modification privileges, violating least-privilege intentions. Granting roles on individual projects would satisfy the scope today but would require continuous manual updates and would miss newly created projects, creating operational risk and unnecessary complexity.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege in IAM?
Open an interactive chat with Bash
How does IAM inheritance work in Google Cloud?
Open an interactive chat with Bash
What does the roles/compute.viewer predefined IAM role allow?
Open an interactive chat with Bash
What does the roles/compute.viewer IAM role allow in Google Cloud?
Open an interactive chat with Bash
Why is assigning IAM roles at the Organization level advantageous?
Open an interactive chat with Bash
What is the principle of least privilege, and why is it important?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .