
Least privilege principle in GCP - Practice Problems & Coding Challenges

Challenge - 5 Problems
Conceptual
intermediate
Understanding Least Privilege Principle in GCP IAM

Which of the following best describes the least privilege principle when assigning IAM roles in Google Cloud Platform?

A. Grant users only the permissions they need to perform their tasks and no more.
B. Grant users all permissions to avoid access issues and simplify management.
C. Assign roles based on the user's seniority rather than their job function.
D. Give users broad permissions initially and reduce them later if problems arise.
Hint

Think about security risks of giving too many permissions.

โ“ Architecture
intermediate
Designing IAM Roles for a Multi-Team GCP Project

You have three teams: Developers, QA, and Operations. Each team needs access to different GCP resources. How should you apply the least privilege principle when assigning IAM roles?

A. Create custom roles with only the necessary permissions for each team and assign those roles accordingly.
B. Assign the Owner role to all teams to ensure full access and avoid permission errors.
C. Assign the Viewer role to all teams and escalate permissions only when requested.
D. Use predefined roles like Editor for all teams since they cover most permissions.
Hint

Consider how to limit permissions to only what each team needs.

โ“ security
advanced
Impact of Over-Permissive IAM Roles

What is the most likely security risk if a GCP user is assigned the roles/editor role instead of a more restrictive custom role following the least privilege principle?

A. The user will only have read-only access, limiting their ability to work effectively.
B. The user can accidentally or maliciously modify or delete resources beyond their job scope, increasing risk of data loss or service disruption.
C. The user will be automatically logged out after 5 minutes due to security policies.
D. The user will be unable to perform any tasks because Editor role has no permissions.
Hint

Think about what permissions the Editor role grants compared to a minimal role.

โ“ service_behavior
advanced
Effect of Least Privilege on Automated GCP Service Accounts

An automated service account is used by a deployment pipeline in GCP. Which practice aligns with the least privilege principle to minimize security risks?

A. Assign the service account the Owner role to ensure it can deploy anything without errors.
B. Use the default Compute Engine service account with all permissions for simplicity.
C. Assign the service account only the specific permissions needed to deploy resources it manages, not full project access.
D. Disable the service account after each deployment to prevent misuse.
Hint

Consider how to limit automated account permissions to only what is necessary.

Best Practice
expert
Implementing Least Privilege with GCP IAM Conditions

You want to enforce least privilege by restricting a user's access to a GCP Storage bucket only during business hours (9 AM to 5 PM). Which IAM feature allows you to implement this restriction?

A. Manually enable and disable the user's access each day at 9 AM and 5 PM.
B. Create a custom role without any time restrictions and assign it to the user.
C. Use VPC Service Controls to restrict access based on IP address only.
D. Use IAM Conditions to add a time-based condition on the user's role binding for the bucket.
Hint

Think about how to automate access restrictions based on time.