Google Cloud Professional Cloud Network Engineer — Question 41

You have recently been put in charge of managing identity and access management for your organization. You have several projects and want to use scripting and automation wherever possible. You want to grant the editor role to a project member.
Which two methods can you use to accomplish this? (Choose two.)

Answer options

• A. GetIamPolicy() via REST API
• B. setIamPolicy() via REST API
• C. gcloud pubsub add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor
• D. gcloud projects add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor
• E. Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.

Correct answer: B, D

Explanation

The correct methods to grant the editor role are B and D. The setIamPolicy() method allows you to set IAM policies via the REST API, while gcloud projects add-iam-policy-binding is a command-line method to assign roles directly to users. Options A and C are incorrect as they refer to getting IAM policies or adding IAM bindings to Pub/Sub instead of projects, which do not directly grant the editor role as required.