GCP Cloud IAM Interview Questions - Real time Questions for Google Cloud

Identity and Access Management (IAM)

1. So what exactly is IAM? Identity and Access Management.

2. Who is a member / identity / principal?

3. How do you authenticate to console.cloud.google.com in your organisation?

4. It is integrated with Organizational MSID.

This is achieved by Cloud Identity.

We have Workspace licenses for our organization, so with that we log in to the cloud directly.

5. In your organization, do you know how people's accounts are created?

In Workspace

6. Have you ever worked on admin.google.com? If so, why have you used it?

    • I haven't worked on admin.google.com, but I know that all the users and groups are created from there.

    • And the prg policy for all the users will be implemented at that level.

7. If we want to elaborate the who, in how many ways can the identity be defined?

Identity can be defined with the following:

  • People accounts
  • Personal accounts
  • Workspace accounts
  • Cloud Identity accounts

  • Service accounts (also called machine accounts or non-human accounts)

8. Can we have organizations for personal identities?

No, we can't.

9. What are GSuite (Multi-Factor Accounts) and Cloud Identity accounts?

  • Multi-factor authentication (MFA)
  • Endpoint management

    Improve your company’s device security posture on Android, iOS, and Windows devices using a unified console.

  • Single sign-on (SSO)

10. Are you implementing any Google Groups in your projects? If so, how?

11. What are the special account types in GCP?

  • allAuthenticatedUsers

    A special identifier that represents any Google account.

    This allows only authenticated users, not anonymous users.

  • allUsers

    This is another special identifier.

    Anyone from anywhere can access.

12. Can you explain the difference between primitive, predefined and custom roles?

Have you created any custom roles? If so, can you explain the purpose for which they were created?

13. What are policies in IAM?

    • Group of bindings.

https://cloud.google.com/iam/docs/reference/rest/v1/Policy

    • A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite).

What are service accounts, and can you elaborate on the difference between service accounts and human accounts?
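To make the policy structure from question 13 and the special identifiers from question 11 concrete, here is an added example (not from the original post) that walks a policy's bindings and flags public principals and primitive roles. The policy JSON is a constructed sample in the shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`; the function names and finding labels are this example's own.

```python
import json

# Constructed sample policy (not real data): a list of bindings,
# each binding ties one role to one or more members.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers", "group:data-team@example.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/run.invoker",
     "members": ["allAuthenticatedUsers"]},
    {"role": "roles/logging.viewer",
     "members": ["user:alice@example.com", "domain:example.com"]}
  ]
}
""")

PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}
PRIMITIVE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}


def member_type(member):
    """Return the principal type: the prefix before ':' or 'special'."""
    if member in PUBLIC_PRINCIPALS:
        return "special"
    return member.split(":", 1)[0] if ":" in member else "unknown"


def audit_policy(policy):
    """Return (finding, role, member) tuples for bindings worth reviewing."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                findings.append(("public-principal", role, member))
            if role in PRIMITIVE_ROLES:
                findings.append(("primitive-role", role, member))
    return findings


if __name__ == "__main__":
    for finding, role, member in audit_policy(SAMPLE_POLICY):
        print(f"{finding:17} {role:28} {member} ({member_type(member)})")
```
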

14. What types of service accounts can be created?

  • User Managed

    Google Created: PROJECT-NUMBER-compute@developer.gserviceaccount.com

    User Created: SERVICE-ACCOUNT-NAME@project-id.iam.gserviceaccount.com

  • Google Managed

    PROJECT-NUMBER@cloudservices.gserviceaccount.com

15. What are Google Managed service accounts? If we delete them, can we restore them?

    No, we can't restore them.

16. How can Service accounts authenticate to Google?

     • Keys, we will be creating a JSON file.

17. What if service account keys are compromised, how would you handle the situation?

18. We can create a new key and share it with the app team.

19. Where are service accounts created and user accounts created?

User accounts are created outside GCP

Service accounts are created inside GCP
