GCP Professional Cloud Security Engineer Practice Question
Your organization's Cloud Build service account needs to retrieve a database password that is stored in a single Secret Manager secret. Compliance rules require that the service account be able to read only the secret's payload at deployment time; it must not be able to add new versions, change IAM policies, or list any other secrets in the project. Which single IAM role should you grant on that secret only to adhere to the principle of least privilege?
Grant the Secret Manager Admin role (roles/secretmanager.admin) on the specific secret.
Grant the Secret Manager Secret Version Manager role (roles/secretmanager.secretVersionManager) on the specific secret.
Grant the Secret Manager Viewer role (roles/secretmanager.viewer) on the project.
Grant the Secret Manager Secret Accessor role (roles/secretmanager.secretAccessor) on the specific secret.
Grant the Secret Manager Secret Accessor role (roles/secretmanager.secretAccessor) on the specific secret. This predefined role includes the minimal permissions needed to read secret version payloads (secretmanager.secrets.access and secretmanager.versions.access) but does not allow listing secrets, modifying secret metadata, adding or destroying versions, or changing IAM policies. Other roles such as Secret Manager Viewer, Secret Version Manager, or Secret Manager Admin grant additional capabilities (like listing secrets, managing versions, or altering IAM) that exceed what is required.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the Secret Manager Secret Accessor role allow?
Open an interactive chat with Bash
What differentiates the Secret Accessor role from the Secret Manager Admin role?
Open an interactive chat with Bash
Why is the principle of least privilege important in granting IAM roles?
Open an interactive chat with Bash
What is the principle of least privilege in IAM roles?
Open an interactive chat with Bash
What permissions does the Secret Manager Secret Accessor role provide?
Open an interactive chat with Bash
Why can't the Secret Manager Viewer role be used in this scenario?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Ensuring data protection
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .