exam questions

Exam Associate Cloud Engineer All Questions

View all questions & answers for the Associate Cloud Engineer exam

Exam Associate Cloud Engineer topic 1 question 211 discussion

Actual exam question from Google's Associate Cloud Engineer
Question #: 211
Topic #: 1
[All Associate Cloud Engineer Questions]

An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google-recommended practices when you grant the required permissions to this user. What should you do?

  • A. Create a custom role, and add all the required compute.disks.list and compute.images.list permissions as includedPermissions. Grant the custom role to the user at the project level.
  • B. Create a custom role based on the Compute Image User role. Add the compute.disks.list to the includedPermissions field. Grant the custom role to the user at the project level.
  • C. Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.
  • D. Grant the Compute Storage Admin role at the project level.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
rahulrauki
1 year, 2 months ago
Selected Answer: A
You can't give B because, Image user will be able to use the Image to create resources. Only give list access
upvoted 3 times
...
joao_01
1 year, 2 months ago
Its A. Give user ONLY the required permission.
upvoted 2 times
...
Captain1212
1 year, 2 months ago
Selected Answer: A
A is the correct answer , just create the custom role add all the required permissoons , give to the user
upvoted 3 times
...
demoro86
1 year, 3 months ago
Selected Answer: A
I have successfully created a custom role with compute.disks.list and compute.image.list permissions. I have also tried creating it based on the Compute Storage Admin role. However, you still need to select compute.disks.list and compute.image.list individually; all permissions are unchecked by default. So A fits fine.
upvoted 4 times
...
3arle
1 year, 4 months ago
Selected Answer: A
The key word is "needs list access", so only A meets this requirement
upvoted 3 times
...
juliorevk
1 year, 4 months ago
Selected Answer: A
https://cloud.google.com/iam/docs/custom-roles-permissions-support - Both compute.disks.list and compute.images.list are available as permissions for custom roles. Makes more sense to make a new custom role than going off an admin one then adjusting it.
upvoted 2 times
...
shreykul
1 year, 4 months ago
Selected Answer: B
Option B allows you to create a custom role that is based on the existing Compute Image User role, which already includes the necessary permissions for accessing compute images. Then, you add the compute.disks.list permission to the custom role's includedPermissions field to grant the user list access to compute disks as well. This ensures that the user has precisely the permissions needed for their specific tasks and nothing more, following the principle of least privilege.
upvoted 4 times
...
shreykul
1 year, 4 months ago
Selected Answer: A
https://cloud.google.com/sdk/gcloud/reference/compute/images/list https://cloud.google.com/compute/docs/reference/rest/v1/disks/list
upvoted 1 times
...
fatanu88
1 year, 4 months ago
Answer is B: Compute image user role provide permission to list and read images without having other permissions on the image. Granting this role at the project level gives users the ability to list all images in the project and create resources, such as instances and persistent disks, based on images in the project. Adding the compute.disks.list then meet all the question requirements
upvoted 2 times
...
FJ82
1 year, 4 months ago
Selected Answer: C
Tried this, could not find those permissions when I tried to create custom role directly, you need to create from the role
upvoted 3 times
techsteph
1 year, 4 months ago
You're right, changing my answer to C.
upvoted 2 times
...
...
techsteph
1 year, 4 months ago
Selected Answer: A
https://cloud.google.com/compute/docs/access/iam
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...