Bird
0
0

Given this deny policy snippet:

medium📝 Predict Output Q4 of 15
GCP - Cloud IAM Advanced
Given this deny policy snippet:
{"rules": [{"deniedPermissions": ["compute.instances.delete"]}]}

If a user has an allow policy for "compute.instances.delete", what will happen when they try to delete an instance?
AThe delete action will be denied due to the deny policy.
BThe delete action will be allowed because allow policies override deny policies.
CThe delete action will be allowed only if the user is an admin.
DThe delete action will be logged but not blocked.
Step-by-Step Solution
Solution:

  1. Step 1: Analyze deny policy effect on permission

    The deny policy explicitly blocks "compute.instances.delete" permission.

  2. Step 2: Understand policy precedence

    Deny policies override allow policies, so the user cannot delete instances despite allow.

  3. Final Answer:

    The delete action will be denied due to the deny policy. -> Option A

  4. Quick Check:

    Deny overrides allow = Deny action [OK]
Quick Trick: Deny always blocks action even if allowed elsewhere [OK]
Common Mistakes:
  • Assuming allow policies override deny
  • Thinking admin role bypasses deny policy
  • Believing deny policies only log actions

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More GCP Quizzes
Cloud Firestore and Bigtable - Bigtable for time-series data - Quiz 2easy Cloud Functions - Cloud Functions generations (1st vs 2nd) - Quiz 2easy Cloud IAM Advanced - VPC Service Controls - Quiz 6medium Cloud IAM Advanced - Audit logging - Quiz 14medium Cloud Monitoring and Logging - Log Explorer and queries - Quiz 11easy Cloud Pub/Sub - Pull vs push subscriptions - Quiz 12easy Cloud Run - Cloud Run jobs for batch work - Quiz 10hard Cloud Run - Deploying container images - Quiz 11easy Cloud SQL and Databases - Backup and restore - Quiz 11easy Cloud SQL and Databases - Why managed databases matter - Quiz 1easy