Crucial Exams

GCP Professional Cloud Security Engineer Practice Question

Your organization operates over 120 Google Cloud projects contained in multiple folders. Today, each project's IAM policy grants roles directly to dozens of individual engineers. Because engineers frequently join, leave, or move between teams, project owners spend significant effort updating IAM policies and risk overlooking stale accounts. Security leadership asks for a solution that will sharply cut the number of IAM policy edits while still letting team leads quickly adjust who has access to their projects. Which strategy best meets these goals?

  • Replace individual role bindings with bindings that grant roles to Google Groups mapped to each engineering team, and delegate group membership management to team leads.

  • Enable IAM Recommender to automatically down-scope excessive permissions for each engineer across all projects.

  • Create custom IAM roles tailored to each engineer and bind them at the project level, updating the bindings when the engineer changes teams.

  • Use Access Context Manager to create an access level per engineer and add an IAM condition to every existing project-level binding.

GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot