You want to deny both storage.buckets.delete and storage.objects.delete permissions using a single deny policy rule, while allowing all other permissions. Which JSON snippet correctly achieves this?

hard📝 Application Q9 of 15

GCP - Cloud IAM Advanced

You want to deny both storage.buckets.delete and storage.objects.delete permissions using a single deny policy rule, while allowing all other permissions. Which JSON snippet correctly achieves this?

A{"rules": [{"deniedPermissions": ["storage.buckets.delete", "storage.objects.delete"]}]}

B{"denyRules": [{"deniedPermissions": "storage.buckets.delete,storage.objects.delete"}]}

C{"denyRules": [{"deniedPermissions": ["storage.buckets.delete"]}, {"deniedPermissions": ["storage.objects.delete"]}]}

D{"denyRules": [{"deniedPermissions": ["storage.buckets.delete", "storage.objects.delete"]}]}

Step-by-Step Solution

Solution:

Step 1: Use 'denyRules' key
The deny policy must use the 'denyRules' key to specify deny rules.
Step 2: Provide deniedPermissions as an array
Multiple permissions should be listed as an array of strings.
Step 3: Combine permissions in a single rule
Both permissions can be included in one deny rule's deniedPermissions array.
Step 4: Avoid incorrect formats
Comma-separated strings or multiple denyRules objects are incorrect here.
Final Answer:
{"denyRules": [{"deniedPermissions": ["storage.buckets.delete", "storage.objects.delete"]}]} -> Option D
Quick Check:
Single denyRules with array of permissions [OK]

Quick Trick: List multiple deniedPermissions in one array under denyRules [OK]

Common Mistakes:

Using a comma-separated string instead of an array
Splitting permissions into multiple denyRules objects unnecessarily
Using 'rules' instead of 'denyRules'

Master "Cloud IAM Advanced" in GCP

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More GCP Quizzes

You want to deny both storage.buckets.delete and storage.objects.delete permissions using a single deny policy rule, while allowing all other permissions. Which JSON snippet correctly achieves this?

Step 1: Use 'denyRules' key

Step 2: Provide deniedPermissions as an array

Step 3: Combine permissions in a single rule

Step 4: Avoid incorrect formats

Final Answer:

Quick Check:

Want More Practice?