Identity and Access Management (IAM) Flashcards

1
Q

How can you create a custom role in IAM?

A

Using the IAM policy, Cloud Console, or gcloud command-line tool

2
Q

How can you view IAM policies for a resource?

A

Using the Cloud Console, gcloud command-line tool, or API

3
Q

How do you audit IAM policies?

A

Using the IAM Policy Troubleshooter, Cloud Audit Logs, or third-party tools

4
Q

What are IAM policies made up of?

A

Bindings, which include members and roles

5
Q

What are IAM roles used for?

A

To assign a set of permissions to a user, group, or service account

6
Q

What are IAM roles?

A

A collection of permissions that can be assigned to users or groups

7
Q

What are basic roles in IAM?

A

Basic roles are broad roles that include Owner, Editor, and Viewer.

8
Q

What are custom roles in IAM?

A

Roles created by users with a specific set of permissions tailored to their needs

9
Q

What are predefined roles in IAM?

A

Roles created by Google that provide granular access to specific resources

10
Q

What are the basic IAM roles?

A

Owner, Editor, Viewer

11
Q

What are the levels in the IAM policy hierarchy?

A

Organization, folder, project, and resource levels

12
Q

What are the three main components of IAM?

A

Principals, Roles, and Policies.

13
Q

What are the three types of IAM roles?

A

Basic, predefined, and custom roles

14
Q

What are the types of audit logs in IAM?

A

Admin Activity, Data Access, and System Event logs.

15
Q

What does IAM stand for in Google Cloud?

A

Identity and Access Management

16
Q

What does the Editor role in IAM allow you to do?

A

Modify all resources but not manage access

17
Q

What does the Owner role in IAM allow you to do?

A

Full control over all resources

18
Q

What does the Viewer role in IAM allow you to do?

A

Read-only access to resources

19
Q

What happens if a role is granted at a higher level in the IAM hierarchy?

A

It is inherited by all resources under that level

20
Q

What is a condition in an IAM policy?

A

A condition is an optional part of a policy binding that specifies when the binding is in effect.

21
Q

What is a member in IAM?

A

An entity (user, group, service account) that can be granted access to resources

22
Q

What is a permission in IAM?

A

A permission allows a principal to perform a specific action on a resource.

23
Q

What is a policy hierarchy in IAM?

A

The structure that determines how IAM policies are inherited across resources

24
Q

What is a policy in IAM?

A

A policy binds one or more roles to one or more principals, defining who has what type of access to a resource.

25
Q

What is a policy version in IAM?

A

A policy version allows you to use different syntax features for policy conditions.

26
Q

What is a policy violation in IAM?

A

A policy violation occurs when a principal attempts to perform an action they don’t have permission for.

27
Q

What is a principal in IAM?

A

An entity that can take action on Google Cloud resources, including users, groups, and service accounts.

28
Q

What is a role in IAM?

A

A collection of permissions that can be assigned to principals to perform specific actions on resources.

29
Q

What is a service account in IAM?

A

A special account used by applications and virtual machines to make authorized API calls

30
Q

What is a service account key file?

A

A JSON or P12 file that contains the credentials for a service account

31
Q

What is an IAM condition?

A

A logic expression that allows you to define and enforce access control based on attributes

32
Q

What is an IAM policy binding?

A

A relationship that includes: a member, a role, and optionally a condition.

33
Q

What is an IAM policy hierarchy?

A

It defines how policies are inherited from the organization to the project and resource levels.

34
Q

What is an IAM policy simulator?

A

A tool that lets you test the effects of policy changes before applying them.

35
Q

What is an IAM policy?

A

A collection of statements that define who has what type of access to which resources

36
Q

What is an IAM primitive role?

A

Primitive roles are the basic roles (Owner, Editor, Viewer) that existed before IAM’s more granular roles.

37
Q

What is an audit log in IAM?

A

An audit log records who did what, where, and when, providing a detailed record of API operations.

38
Q

What is an example of a predefined IAM role?

A

Compute Engine Admin, Storage Object Viewer, BigQuery Data Editor

39
Q

What is the Cloud IAM API?

A

It is a RESTful API that allows you to manage IAM policies and roles programmatically.

40
Q

What is the IAM Policy Troubleshooter?

A

A tool that helps you understand and troubleshoot access issues

41
Q

What is the IAM Recommender?

A

The IAM Recommender provides recommendations to help you enforce the principle of least privilege.

42
Q

What is the default behavior for IAM policy inheritance?

A

Policies are inherited from the parent resource to the child resource unless explicitly overridden.

43
Q

What is the difference between a member and a principal?

A

A principal is a broader term that includes users, groups, service accounts, and other identities, while a member typically refers to a specific user or group.

44
Q

What is the difference between a user and a service account in IAM?

A

A user represents a person, while a service account represents an application or VM

45
Q

What is the function of an IAM binding?

A

To associate members with roles

46
Q

What is the gcloud command to list IAM policies for a project?

A

gcloud projects get-iam-policy PROJECT_ID

47
Q

What is the highest level in the IAM policy hierarchy?

A

The organization level.

48
Q

What is the lowest level in the IAM policy hierarchy?

A

The resource level.

49
Q

What is the primary function of IAM?

A

To manage access to resources and ensure security

50
Q

What is the principle of least privilege in IAM?

A

Granting only the permissions necessary for a user to perform their job

51
Q

What is the purpose of IAM conditions?

A

To grant access based on specific criteria, such as time or resource attributes

52
Q

What is the purpose of IAM roles?

A

IAM roles grant permissions to principals to perform specific actions on resources.

53
Q

What is the purpose of a service account key?

A

To authenticate applications and VMs as service accounts

54
Q

What types of roles are available in IAM?

A

Basic roles, predefined roles, and custom roles.