Identity and Access Management (IAM) Flashcards
How can you create a custom role in IAM?
Using the IAM policy, Cloud Console, or gcloud command-line tool
How can you view IAM policies for a resource?
Using the Cloud Console, gcloud command-line tool, or API
How do you audit IAM policies?
Using the IAM Policy Troubleshooter, Cloud Audit Logs, or third-party tools
What are IAM policies made up of?
Bindings, which include members and roles
What are IAM roles used for?
To assign a set of permissions to a user, group, or service account
What are IAM roles?
A collection of permissions that can be assigned to users or groups
What are basic roles in IAM?
Basic roles are broad roles that include Owner, Editor, and Viewer.
What are custom roles in IAM?
Roles created by users with a specific set of permissions tailored to their needs
What are predefined roles in IAM?
Roles created by Google that provide granular access to specific resources
What are the basic IAM roles?
Owner, Editor, Viewer
What are the levels in the IAM policy hierarchy?
Organization, folder, project, and resource levels
What are the three main components of IAM?
Principals, Roles, and Policies.
What are the three types of IAM roles?
Basic, predefined, and custom roles
What are the types of audit logs in IAM?
Admin Activity, Data Access, and System Event logs.
What does IAM stand for in Google Cloud?
Identity and Access Management
What does the Editor role in IAM allow you to do?
Modify all resources but not manage access
What does the Owner role in IAM allow you to do?
Full control over all resources
What does the Viewer role in IAM allow you to do?
Read-only access to resources
What happens if a role is granted at a higher level in the IAM hierarchy?
It is inherited by all resources under that level
What is a condition in an IAM policy?
A condition is an optional part of a policy binding that specifies when the binding is in effect.
What is a member in IAM?
An entity (user, group, service account) that can be granted access to resources
What is a permission in IAM?
A permission allows a principal to perform a specific action on a resource.
What is a policy hierarchy in IAM?
The structure that determines how IAM policies are inherited across resources
What is a policy in IAM?
A policy binds one or more roles to one or more principals, defining who has what type of access to a resource.
What is a policy version in IAM?
A policy version allows you to use different syntax features for policy conditions.
What is a policy violation in IAM?
A policy violation occurs when a principal attempts to perform an action they don’t have permission for.
What is a principal in IAM?
An entity that can take action on Google Cloud resources, including users, groups, and service accounts.
What is a role in IAM?
A collection of permissions that can be assigned to principals to perform specific actions on resources.
What is a service account in IAM?
A special account used by applications and virtual machines to make authorized API calls
What is a service account key file?
A JSON or P12 file that contains the credentials for a service account
What is an IAM condition?
A logic expression that allows you to define and enforce access control based on attributes
What is an IAM policy binding?
A relationship that includes: a member, a role, and optionally a condition.
What is an IAM policy hierarchy?
It defines how policies are inherited from the organization to the project and resource levels.
What is an IAM policy simulator?
A tool that lets you test the effects of policy changes before applying them.
What is an IAM policy?
A collection of statements that define who has what type of access to which resources
What is an IAM primitive role?
Primitive roles are the basic roles (Owner, Editor, Viewer) that existed before IAM’s more granular roles.
What is an audit log in IAM?
An audit log records who did what, where, and when, providing a detailed record of API operations.
What is an example of a predefined IAM role?
Compute Engine Admin, Storage Object Viewer, BigQuery Data Editor
What is the Cloud IAM API?
It is a RESTful API that allows you to manage IAM policies and roles programmatically.
What is the IAM Policy Troubleshooter?
A tool that helps you understand and troubleshoot access issues
What is the IAM Recommender?
The IAM Recommender provides recommendations to help you enforce the principle of least privilege.
What is the default behavior for IAM policy inheritance?
Policies are inherited from the parent resource to the child resource unless explicitly overridden.
What is the difference between a member and a principal?
A principal is a broader term that includes users, groups, service accounts, and other identities, while a member typically refers to a specific user or group.
What is the difference between a user and a service account in IAM?
A user represents a person, while a service account represents an application or VM
What is the function of an IAM binding?
To associate members with roles
What is the gcloud command to list IAM policies for a project?
gcloud projects get-iam-policy PROJECT_ID
What is the highest level in the IAM policy hierarchy?
The organization level.
What is the lowest level in the IAM policy hierarchy?
The resource level.
What is the primary function of IAM?
To manage access to resources and ensure security
What is the principle of least privilege in IAM?
Granting only the permissions necessary for a user to perform their job
What is the purpose of IAM conditions?
To grant access based on specific criteria, such as time or resource attributes
What is the purpose of IAM roles?
IAM roles grant permissions to principals to perform specific actions on resources.
What is the purpose of a service account key?
To authenticate applications and VMs as service accounts
What types of roles are available in IAM?
Basic roles, predefined roles, and custom roles.