GCP Professional Cloud Security Engineer Practice Question

Your security team is enforcing least-privilege access for AI workloads. A group of external analysts must perform online predictions by invoking an existing Vertex AI endpoint, but they must never be able to list or download the training data that resides in a Cloud Storage bucket. Which IAM assignment best satisfies the requirement while following the principle of least privilege?

  • Grant the analysts the Vertex AI User role (roles/aiplatform.user) only on the target endpoint and grant no Cloud Storage roles.

  • Grant the analysts the Vertex AI Viewer role on the project and the Storage Object Viewer role on the training-data bucket.

  • Grant the analysts the Vertex AI Developer role on the project; do not assign any Cloud Storage permissions.

  • Grant the analysts the Vertex AI Admin role on the project and Storage Object Viewer on the bucket, then rely on audit logs to detect misuse.

GCP Professional Cloud Security Engineer
Ensuring data protection