Identity and Access Management (IAM)

Question 1

How can you create a custom role in IAM?

Answer 1

Using the IAM policy, Cloud Console, or gcloud command-line tool

Question 2

How can you view IAM policies for a resource?

Answer 2

Using the Cloud Console, gcloud command-line tool, or API

Question 3

How do you audit IAM policies?

Answer 3

Using the IAM Policy Troubleshooter, Cloud Audit Logs, or third-party tools

Question 4

What are IAM policies made up of?

Answer 4

Bindings, which include members and roles

Question 5

What are IAM roles used for?

Answer 5

To assign a set of permissions to a user, group, or service account

Question 6

What are IAM roles?

Answer 6

A collection of permissions that can be assigned to users or groups

Question 7

What are basic roles in IAM?

Answer 7

Basic roles are broad roles that include Owner, Editor, and Viewer.

Question 8

What are custom roles in IAM?

Answer 8

Roles created by users with a specific set of permissions tailored to their needs

Question 9

What are predefined roles in IAM?

Answer 9

Roles created by Google that provide granular access to specific resources

Question 10

What are the basic IAM roles?

Answer 10

Owner, Editor, Viewer

Question 11

What are the levels in the IAM policy hierarchy?

Answer 11

Organization, folder, project, and resource levels

Question 12

What are the three main components of IAM?

Answer 12

Principals, Roles, and Policies.

Question 13

What are the three types of IAM roles?

Answer 13

Basic, predefined, and custom roles

Question 14

What are the types of audit logs in IAM?

Answer 14

Admin Activity, Data Access, and System Event logs.

Question 15

What does IAM stand for in Google Cloud?

Answer 15

Identity and Access Management

Question 16

What does the Editor role in IAM allow you to do?

Answer 16

Modify all resources but not manage access

Question 17

What does the Owner role in IAM allow you to do?

Answer 17

Full control over all resources

Question 18

What does the Viewer role in IAM allow you to do?

Answer 18

Read-only access to resources

Question 19

What happens if a role is granted at a higher level in the IAM hierarchy?

Answer 19

It is inherited by all resources under that level

Question 20

What is a condition in an IAM policy?

Answer 20

A condition is an optional part of a policy binding that specifies when the binding is in effect.

Question 21

What is a member in IAM?

Answer 21

An entity (user, group, service account) that can be granted access to resources

Question 22

What is a permission in IAM?

Answer 22

A permission allows a principal to perform a specific action on a resource.

Question 23

What is a policy hierarchy in IAM?

Answer 23

The structure that determines how IAM policies are inherited across resources

Question 24

What is a policy in IAM?

Answer 24

A policy binds one or more roles to one or more principals, defining who has what type of access to a resource.

Question 25

What is a policy version in IAM?

Answer 25

A policy version allows you to use different syntax features for policy conditions.

Question 26

What is a policy violation in IAM?

Answer 26

A policy violation occurs when a principal attempts to perform an action they don’t have permission for.

Question 27

What is a principal in IAM?

Answer 27

An entity that can take action on Google Cloud resources, including users, groups, and service accounts.

Question 28

What is a role in IAM?

Answer 28

A collection of permissions that can be assigned to principals to perform specific actions on resources.

Question 29

What is a service account in IAM?

Answer 29

A special account used by applications and virtual machines to make authorized API calls

Question 30

What is a service account key file?

Answer 30

A JSON or P12 file that contains the credentials for a service account

Question 31

What is an IAM condition?

Answer 31

A logic expression that allows you to define and enforce access control based on attributes

Question 32

What is an IAM policy binding?

Answer 32

A relationship that includes: a member, a role, and optionally a condition.

Question 33

What is an IAM policy hierarchy?

Answer 33

It defines how policies are inherited from the organization to the project and resource levels.

Question 34

What is an IAM policy simulator?

Answer 34

A tool that lets you test the effects of policy changes before applying them.

Question 35

What is an IAM policy?

Answer 35

A collection of statements that define who has what type of access to which resources

Question 36

What is an IAM primitive role?

Answer 36

Primitive roles are the basic roles (Owner, Editor, Viewer) that existed before IAM’s more granular roles.

Question 37

What is an audit log in IAM?

Answer 37

An audit log records who did what, where, and when, providing a detailed record of API operations.

Question 38

What is an example of a predefined IAM role?

Answer 38

Compute Engine Admin, Storage Object Viewer, BigQuery Data Editor

Question 39

What is the Cloud IAM API?

Answer 39

It is RESTful API that allows you to manage IAM policies and roles programmatically.

Question 40

What is the IAM Policy Troubleshooter?

Answer 40

A tool that helps you understand and troubleshoot access issues

Question 41

What is the IAM Recommender?

Answer 41

The IAM Recommender provides recommendations to help you enforce the principle of least privilege.

Question 42

What is the default behavior for IAM policy inheritance?

Answer 42

Policies are inherited from the parent resource to the child resource unless explicitly overridden.

Question 43

What is the difference between a member and a principal?

Answer 43

A principal is a broader term that includes users, groups, service accounts, and other identities, while a member typically refers to a specific user or group.

Question 44

What is the difference between a user and a service account in IAM?

Answer 44

A user represents a person, while a service account represents an application or VM

Question 45

What is the function of an IAM binding?

Answer 45

To associate members with roles

Question 46

What is the gcloud command to list IAM policies for a project?

Answer 46

gcloud projects get-iam-policy PROJECT_ID

Question 47

What is the highest level in the IAM policy hierarchy?

Answer 47

The organization level.

Question 48

What is the lowest level in the IAM policy hierarchy?

Answer 48

The resource level.

Question 49

What is the primary function of IAM?

Answer 49

To manage access to resources and ensure security

Question 50

What is the principle of least privilege in IAM?

Answer 50

Granting only the permissions necessary for a user to perform their job

Question 51

What is the purpose of IAM conditions?

Answer 51

To grant access based on specific criteria, such as time or resource attributes

Question 52

What is the purpose of IAM roles?

Answer 52

IAM roles grant permissions to principals to perform specific actions on resources.

Question 53

What is the purpose of a service account key?

Answer 53

To authenticate applications and VMs as service accounts

Question 54

What types of roles are available in IAM?

Answer 54

Basic roles, predefined roles, and custom roles.