Module 3: Securing Access to Google Cloud

Looking for ‘Managing Security in Google Cloud Module 3 Answers’?

In this post, I provide complete, accurate, and detailed explanations for the answers to Module 3: Securing Access to Google Cloud of Course 9: Managing Security in Google Cloud – Preparing for Google Cloud Certification: Cloud Security Engineer Professional Certificate.

Whether you’re preparing for quizzes or brushing up on your knowledge, these insights will help you master the concepts effectively. Let’s dive into the correct answers and detailed explanations for each question!

Identity and Access Management

Graded Assignment

1. Which THREE of the following are IAM Objects that can be used to organize resources in Google Cloud?

  • Role
  • Container
  • Instance
  • Folder ✅
  • Organization ✅
  • Member
  • Bucket
  • Project ✅

Explanation:
In Google Cloud, IAM objects used to organize resources are:

  • Organization – The root node in the GCP resource hierarchy.
  • Folder – Used to group projects and apply policies.
  • Project – Basic unit for enabling and using GCP resources.

2. Projects in Google Cloudprovide many management-related features, including the ability to (choose TWO)

  • Track and manage quota usage. ✅
  • Selectively enable specific services and APIs. ✅
  • Keep on-prem AD/LDAP accounts synced up with user’sGoogle Cloudresources.
  • Balance server load between different Projects.

Explanation:
Projects:

  • Have quotas to limit and monitor resource usage.
  • Let you enable or disable APIs based on what’s needed.

3. Which TWO of the following statements about Cloud IAM Policies is TRUE?

  • An organization policy can only be applied to the organization node.
  • A Policy binding binds a list of members to a role. ✅
  • A policy is a collection of access statements attached to a resource. ✅
  • A less restrictive parent policy will not override a more restrictive child resource policy.

Explanation:

  • A policy is a collection of bindings, each of which maps members to roles.
  • These are attached to a resource like a project, folder, or organization.

Related contents:

Module 2: Foundations of Google Cloud Security
Module 4: Identity and Access Management (IAM)
Module 5: Configuring Virtual Private Cloud for Isolation and Security

You might also like:

Course 1: Preparing for Your Professional Cloud Security Engineer Journey
Course 2: Google Cloud Fundamentals: Core Infrastructure
Course 3: Networking in Google Cloud: Fundamentals
Course 4: Networking in Google Cloud: Routing and Addressing
Course 5: Networking in Google Cloud: Network Architecture
Course 6: Networking in Google Cloud: Network Security
Course 7: Networking in Google Cloud: Load Balancing
Course 10: Security Best Practices in Google Cloud
Course 11: Mitigating Security Vulnerabilities on Google Cloud
Course 12: Logging and Monitoring in Google Cloud
Course 13: Observability in Google Cloud
Course 14: Hands-On Labs in Google Cloud for Security Engineers

Leave a Reply