Practice free →
HomeGCP Associate Cloud Engineercloudcomputinggcpsecurity › Which IAM principle does Google Cloud recommend …

Which IAM principle does Google Cloud recommend when granting a service account access to other services?

AGrant `roles/owner` at the organisation level so the service account never hits a permission error
BShare the service-account key with every developer over Slack
CDisable IAM checks entirely for the service account
DGrant the minimum permissions necessary (principle of least privilege) — use predefined or custom roles narrowly scoped to needed resources
Answer & Solution
Correct answer: D. Grant the minimum permissions necessary (principle of least privilege) — use predefined or custom roles narrowly scoped to needed resources
Least-privilege is the canonical guidance — minimal role at the minimum scope, no shared keys, no disabled IAM. The other options are textbook footguns.
Solve this in the app — GCP Associate Cloud Engineer practice & 24k+ MCQs →
Related questions