0
0
GCPcloud~20 mins

Custom roles creation in GCP - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Custom Roles Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Understanding Custom Role Permissions Scope

You create a custom role in Google Cloud Platform (GCP). Which statement correctly describes the scope of permissions you can assign to this custom role?

AYou can assign permissions only if you have Owner role on the project.
BYou can only assign permissions from services enabled in your project or organization.
CYou can assign permissions only from the Compute Engine service.
DYou can assign any permissions available in GCP, including those from services not enabled in your project.
Attempts:
2 left
💡 Hint

Think about whether permissions depend on enabled services or the full GCP permission set.

Configuration
intermediate
2:00remaining
Valid JSON for Creating a Custom Role

Which JSON snippet correctly defines a custom role with title 'Data Viewer', description 'Can view data', and permissions to read BigQuery datasets?

A
{
  "roleId": "dataViewer",
  "role": {
    "title": "Data Viewer",
    "description": "Can view data",
    "includedPermissions": ["bigquery.datasets.get", "bigquery.tables.get"]
  }
}
B
{
  "roleId": "dataViewer",
  "role": {
    "title": "Data Viewer",
    "description": "Can view data",
    "permissions": ["bigquery.datasets.get", "bigquery.tables.get"]
  }
}
C
{
  "id": "dataViewer",
  "role": {
    "title": "Data Viewer",
    "description": "Can view data",
    "includedPermissions": ["bigquery.datasets.get"]
  }
}
D
{
  "roleId": "dataViewer",
  "title": "Data Viewer",
  "description": "Can view data",
  "includedPermissions": ["bigquery.datasets.get", "bigquery.tables.get"]
}
Attempts:
2 left
💡 Hint

Check the correct key names for permissions and role ID in the JSON structure.

Architecture
advanced
2:00remaining
Best Practice for Custom Role Assignment Scope

You want to assign a custom role to users but limit their permissions only to a specific project. Which is the best practice to achieve this?

ACreate the custom role at the project level and assign it at the project level.
BCreate the custom role at the project level and assign it at the organization level.
CCreate the custom role at the organization level and assign it at the project level.
DCreate the custom role at the folder level and assign it at the organization level.
Attempts:
2 left
💡 Hint

Consider where the role is created and where it is assigned to limit scope.

security
advanced
2:00remaining
Security Risk of Overly Broad Custom Roles

What is a key security risk when creating a custom role that includes too many permissions?

AUsers may be unable to perform any actions due to lack of permissions.
BThe custom role will automatically be disabled by GCP security checks.
CUsers may gain unintended access to sensitive resources, increasing risk of data leaks.
DThe custom role will cause billing to increase automatically.
Attempts:
2 left
💡 Hint

Think about what happens if users have more permissions than needed.

service_behavior
expert
2:00remaining
Effect of Deleting a Custom Role in Use

What happens immediately after deleting a custom role that is currently assigned to users in GCP?

AUsers keep the permissions from the deleted custom role until their next login, then lose them.
BUsers immediately lose all permissions granted by the deleted custom role.
CUsers keep the permissions permanently even after role deletion.
DGCP automatically replaces the deleted custom role with a predefined role.
Attempts:
2 left
💡 Hint

Consider how GCP enforces permissions when roles are removed.