Which statement correctly describes the difference between IAM and ACLs in Google Cloud Platform?
Think about the scope of control each method provides.
IAM provides role-based access control at the project or resource level, while ACLs are more granular and often used for individual objects like files in Cloud Storage.
You want to allow a specific user to read only one file in a Cloud Storage bucket without giving access to the entire bucket. Which access control method should you use?
Consider the granularity of permissions needed.
ACLs allow you to set permissions on individual objects like files, so you can grant read access to just one file without exposing the whole bucket.
What is the most likely security risk if a user is granted the 'Owner' IAM role on a GCP project?
Think about what the 'Owner' role allows in GCP.
The 'Owner' role grants full control over all resources in the project, including creating, modifying, and deleting resources, which can lead to security risks if misused.
If you remove all ACL entries from a Cloud Storage object, what will be the effect on access to that object?
Consider how access is controlled when ACLs are empty.
Without ACLs, access to the object depends on IAM permissions set at the bucket or project level. The object is not public by default.
In a large organization with many teams and projects, what is the best practice for managing access control to ensure security and ease of management?
Think about scalability and security in large teams.
Using IAM groups and predefined roles simplifies management and improves security by avoiding direct user assignments and limiting ACL use to specific cases.