Member | March 1, 2021 at 4:13 am
I have a question about the following question of the Google Associate certification training test:
Category: ACE – Configuring Access and Security
You are running a group of Compute Engine instances on the Google Cloud Platform. You want to set up the necessary permissions to allow all of your instances to read and write data into a specific Cloud Storage bucket. You want to follow Google-recommended practices.
What should you do?
Here, as read and write permissions are clearly asked for, I chose the following answer:
“Using the GCP Console, create a service account with an IAM role of storage.objectAdmin. Use it for your GCE instances to get write permissions on the bucket.”
But it is the following which is marked as the valid one:
“Using the GCP Console, create a service account with an IAM role of storage.objectCreator. Use it for your GCE instances to get write permissions on the bucket.”
My point is that the storage.objectCreator role doesn’t include read permissions, whereas storage.objectAdmin does. So could you please clarify why my answer isn’t correct?
Member | March 4, 2021 at 12:52 am
Thank you for sharing your feedback.
We have updated the scenario and the change will be reflected in our practice tests soon.
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Wayne @ Tutorials Dojo