IAM policy binding in GCP - Practice Problems & Coding Challenges

Challenge - 5 Problems
service_behavior
intermediate
What happens when you bind a role to a user in an IAM policy?

You add a binding in an IAM policy that assigns the role roles/storage.objectViewer to a user. What is the immediate effect on that user's permissions?

A. The user can read objects in the specified Cloud Storage bucket immediately.
B. The user can create new buckets in the project immediately.
C. The user can delete any object in the project immediately.
D. The user can modify IAM policies on the project immediately.
💡 Hint

Think about what the roles/storage.objectViewer role allows.

🧠 Conceptual
intermediate
Which statement about IAM policy bindings is true?

Consider the following statements about IAM policy bindings. Which one is correct?

A. A binding can assign multiple roles to a single member in one entry.
B. A binding can assign roles only at the project level, not at resource level.
C. A binding can only assign roles to service accounts, not users.
D. A binding assigns one role to one or more members in one entry.
💡 Hint

Think about the structure of an IAM policy binding.

security
advanced
What is the security risk of granting the role roles/owner in an IAM policy binding?

You bind the role roles/owner to a user on a project. What is the main security risk of this action?

A. The user can only modify billing settings but not access resources.
B. The user can only view resources but cannot make changes.
C. The user can delete the entire project and all its resources.
D. The user can only create new resources but cannot delete existing ones.
💡 Hint

Consider the permissions included in the roles/owner role.

Configuration
advanced
Which IAM policy binding JSON snippet correctly grants the role roles/editor to a group?

Identify the correct JSON snippet that binds the role roles/editor to the group dev-team@example.com on a project.

A
{
  "bindings": [
    {
      "role": "roles/editor",
      "members": ["group:dev-team@example.com"]
    }
  ]
}
B
{
  "bindings": [
    {
      "role": "roles/editor",
      "members": ["user:dev-team@example.com"]
    }
  ]
}
C
}
]  
}    
]"moc.elpmaxe@maet-ved:puorg"[ :"srebmem"      
,"rotide/selor" :"elor"      
{    
[ :"sgnidnib"  
{
D
{
  "bindings": [
    {
      "role": "roles/editor",
      "members": ["group:dev-team@example"]
    }
  ]
}
💡 Hint

Check the member type prefix and email spelling.

Architecture
expert
How does IAM policy binding inheritance work across GCP resource hierarchy?

Given a role binding at the organization level, which statement best describes how it affects projects and resources below it?

A. The binding applies only to the organization resource and not to any projects or resources below it.
B. The binding applies to all projects and resources under the organization unless overridden by a deny policy.
C. The binding applies only to projects explicitly listed in the binding.
D. The binding applies only to resources created after the binding was set.
💡 Hint

Think about how IAM policies propagate in GCP's resource hierarchy.