Which statement best describes the scope of an IAM deny policy in Google Cloud?

Easy · Conceptual · Q2 of 15
GCP - Cloud IAM Advanced
A. It applies only to the specific resource where it is set.
B. It applies to all resources in the project and below.
C. It applies globally across all Google Cloud projects.
D. It applies only to users in the same organization.
Step-by-Step Solution
Solution:
  1. Step 1: Understand deny policy inheritance

    Deny policies set at a project level apply to that project and all resources within it.
  2. Step 2: Clarify scope limits

    Deny policies do not apply globally, nor only to specific users; they apply to all identities accessing the resources under the scope.
  3. Final Answer:

    It applies to all resources in the project and below. -> Option B
  4. Quick Check:

    Deny policy scope = Project and resources [OK]
Quick Trick: Deny policies cascade down the resource hierarchy [OK]
Common Mistakes:
  • Assuming deny policies apply globally
  • Thinking deny policies affect only one resource
  • Believing deny policies target only organization users