0
0
GCPcloud~20 mins

Policy troubleshooter in GCP - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Policy Troubleshooter Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
Understanding Policy Troubleshooter Output

You use the GCP Policy Troubleshooter to check if a user has permission to delete a Compute Engine instance. The tool returns: "Access: DENIED". What does this mean?

AThe user is denied permission because a policy explicitly forbids it.
BThe user does not have permission, but the tool cannot determine why.
CThe user definitely does not have permission to delete the instance.
DThe user has permission, but the tool shows DENIED due to a temporary error.
Attempts:
2 left
💡 Hint

The Policy Troubleshooter definitively determines if access is granted or denied.

🧠 Conceptual
intermediate
2:00remaining
Role of Policy Troubleshooter in IAM Debugging

Which of the following best describes the main purpose of the GCP Policy Troubleshooter?

ATo simulate and explain why a user has or does not have a permission.
BTo list all users who have a specific permission in a project.
CTo automatically fix IAM permission errors for users.
DTo audit all policy changes made in the last 30 days.
Attempts:
2 left
💡 Hint

Think about what troubleshooting means in the context of permissions.

Configuration
advanced
2:00remaining
Interpreting Troubleshooter JSON Output

You run the Policy Troubleshooter API and get this JSON snippet:

{
  "access": "GRANTED",
  "reasons": ["RoleBinding", "Inherited"]
}

What does this output tell you?

AThe user is denied permission because the role binding is missing.
BThe user has permission because it is granted directly by a role binding on the resource.
CThe user has permission but only temporarily due to a policy override.
DThe user has permission because it is inherited from a higher-level resource's role binding.
Attempts:
2 left
💡 Hint

Look at the reasons array and what 'Inherited' means in policy context.

security
advanced
2:00remaining
Troubleshooting Deny Policies with Policy Troubleshooter

You suspect a deny policy is blocking a user from accessing a Cloud Storage bucket. How can the Policy Troubleshooter help you confirm this?

AIt only shows permissions granted, not denied, so it cannot confirm deny policies.
BIt shows the exact deny policy and the resource it applies to that blocks the user.
CIt lists all users affected by the deny policy but not the reason for denial.
DIt automatically removes the deny policy to allow access temporarily.
Attempts:
2 left
💡 Hint

Think about how deny policies affect access and what the troubleshooter reveals.

Best Practice
expert
2:00remaining
Using Policy Troubleshooter for Least Privilege Principle

You want to ensure a user has only the permissions they need. How can the Policy Troubleshooter assist in applying the least privilege principle?

ABy simulating permission checks to verify if the user can perform only required actions.
BBy automatically generating minimal roles for the user based on their activity.
CBy showing all permissions a user currently has, so you can remove unnecessary ones.
DBy disabling all permissions except those explicitly tested in the troubleshooter.
Attempts:
2 left
💡 Hint

Consider how simulation helps verify permissions without changing them.