Professional Cloud Network Engineer topic 1 question 30

Correct Answer are (D) & (E)

GetIamPolicy and SetIamPolicy is only for service accounts. But question asks for a project members.
Hence, D and E are correct ans.
D - https://cloud.google.com/iam/docs/granting-changing-revoking-access#granting-gcloud-manual
E - https://cloud.google.com/iam/docs/granting-changing-revoking-access#access-control-via-console

E is not scripting and automation. So E is obviously wrong. The answer should be B and D

A) GetIamPolicy()  would not do anything by itself but see (B)
B) would require use of GetIamPolicy() as otherwise SetIamPolicy() override existing binding
C) obviously wrong, question is not about pubsub
D) the documentation indicate that project_id need to be used not project_name, would therefore return an error
E) would work, despite being very vague, but is not automation.

Now, the question ask for "which 2 _methods_ can be used to achieve that".

Both GetIamPolicy()  and SetIamPolicy() are programatic _methods_ that if used together could achieve that.

Therefore one could roll with A&B in the spirits of that very tricky question.

In answer D, "project_name" is the name of a parameter inserted by the programmer. The fact it's a confusing name does not affect its accuracy.

I agree B is a correct answer.

Therefore I think the correct answers are B & D.

B) https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy
D) https://cloud.google.com/sdk/gcloud/reference/projects/add-iam-policy-binding

Keywords: scripting and automation + the word "methods"
search for the word "method" in the below documentation and see where it's mentioned

https://cloud.google.com/iam/docs/granting-changing-revoking-access#multiple-roles-programmatic

You should read the question well , It says use scripting and automation , E is a manual process so answer is BD

I think BD are the correct ones by elimination:

A. GetIamPolicy() - read only method and BTW with a typo (should be getIAmPolicy but I guess that's not the intenional mistake)
B. setIamPolicy() via REST API - does the job!
C. gcloud pubsub add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor - nothing to do because points to pubsub
D. gcloud projects add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor - does the job!
E. Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console. - no automation option

A. GetIamPolicy() via REST API
B. setIamPolicy() via REST API

I think D&E is correct answer

I'd vote A and B as @EranSolstice says, because of the following exceprt from here https://cloud.google.com/iam/docs/granting-changing-revoking-access#multiple-roles

To make large-scale access changes that involve granting and revoking MULTIPLE roles, use the read-modify-write pattern to update the resource's IAM policy:

    Reading the current policy by calling getIamPolicy().
    Editing the returned policy, either by using a text editor or programmatically, to add or remove any principals or role bindings.
    Writing the updated policy by calling setIamPolicy().