PCSE Configuring access within a cloud solution environment • Complete Question Bank
Complete PCSE Configuring access within a cloud solution environment question bank — all 0 questions with answers and detailed explanations.
{
"bindings": [
{
"role": "roles/compute.instanceAdmin.v1",
"members": [
"user:admin@example.com"
]
},
{
"role": "roles/compute.networkAdmin",
"members": [
"user:admin@example.com"
]
},
{
"role": "roles/compute.securityAdmin",
"members": [
"group:security-team@example.com"
]
}
],
"etag": "BwX9X9X9X9X="
}Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Full management of Compute Engine resources
Read-only access to Cloud Storage objects
Manage service accounts and keys
Manage Cloud KMS keys and key rings
Manage organization policies
Drag a concept onto its matching description — or click a concept then click the description.
Routes logs to a destination (e.g., BigQuery, Pub/Sub)
Storage location for log entries
Counts log entries matching a filter
Records of admin and data access activities
Copies logs to a Cloud Storage or BigQuery
Refer to the exhibit.
```json
{
"bindings": [
{
"role": "roles/storage.objectViewer",
"members": [
"serviceAccount:sa@project.iam.gserviceaccount.com"
],
"condition": {
"title": "restrict_to_bucket",
"expression": "resource.name.startsWith('projects/my-project/buckets/my-bucket/objects/')"
}
}
]
}
```Refer to the exhibit.
```
Audit Log Entry:
{
"serviceName": "dataflow.googleapis.com",
"methodName": "google.cloud.dataflow.v1beta3.Jobs.Create",
"authenticationInfo": {
"principalEmail": "my-sa@my-project.iam.gserviceaccount.com"
},
"authorizationInfo": [
{
"resource": "projects/my-project/serviceAccounts/my-project-compute@developer.gserviceaccount.com",
"permission": "iam.serviceAccounts.actAs",
"granted": false
}
]
}
```Refer to the exhibit. The output shows that Alice has the following IAM policy binding:
{
"role": "roles/storage.objectAdmin",
"members": ["user:alice@example.com"],
"condition": {
"title": "storage_access_condition",
"expression": "request.time < timestamp('2024-12-31T23:59:59Z') && source.ip in ['203.0.113.0/24']"
}
}Alice is currently working from an IP address 198.51.100.10, and the date is 2025-01-01. What is the result when Alice tries to upload an object to a bucket in this project?
resource "google_project_iam_binding" "project" {
project = "my-project"
role = "roles/bigquery.dataViewer"
members = [
"group:data-scientists@example.com",
]
condition {
title = "limited_time"
expression = "request.time < timestamp('2025-06-30T00:00:00Z')"
}
}{
"bindings": [
{
"role": "roles/storage.admin",
"members": ["user:admin@example.com"]
},
{
"role": "roles/storage.objectViewer",
"members": ["user:user@example.com"],
"condition": {
"title": "ip_restriction",
"expression": "source.ip in ['10.0.0.0/8']"
}
}
]
}Consider the following custom role definition: roles: - name: myCustomRole title: My Custom Role includedPermissions: - compute.instances.create - compute.instances.delete - compute.instances.get - compute.disks.create - compute.disks.get - compute.subnetworks.use - compute.images.useReadOnly
The following IAM policy was applied on a project:
bindings:
- members:
- user: alice@example.com
role: roles/cloudsql.admin
condition:
expression: "resource.name.startsWith('projects/PROJECT_ID/instances/dev-')"
title: "dev_only"
- members:
- user: alice@example.com
role: roles/cloudsql.client
condition: {}The following gcloud command output shows the IAM policy for a project: - role: roles/compute.instanceAdmin members: - serviceAccount:sa1@project.iam.gserviceaccount.com - role: roles/compute.viewer members: - user:user1@domain.com - role: roles/iam.serviceAccountUser members: - user:user1@domain.com
{
"bindings": [
{
"role": "roles/iam.serviceAccountUser",
"members": ["user:alice@example.com"],
"condition": {
"expression": "request.time < timestamp('2025-12-31T23:59:59Z')",
"title": "expire_access"
}
}
]
}