You need to run a script on your local on-premises workstation that interacts with GCP APIs. The script needs to authenticate as a service account. Which TWO steps are required? (Select TWO)

Answer options:

Generate a JSON key for the service account.

Attach the service account to your local workstation.

Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the key file.

Run gcloud auth login with your personal account.

Enable Identity-Aware Proxy (IAP).

How to approach this question

Identify how external applications authenticate to GCP using service accounts.

Full Answer

When code runs outside of Google Cloud (like on an on-premises workstation), it cannot use the metadata server to get credentials. You must generate a Service Account Key (usually a JSON file), download it, and set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to the file path. Google Cloud client libraries automatically detect this variable and use the key to authenticate.

Common mistakes

Thinking you can 'attach' a service account to an on-prem machine.

Question 46 All questions Question 48

Practice the full GCP Associate Cloud Engineer Practice Exam 1

50 questions · hints · full answers · grading

More questions from this exam

Q01What is the highest level of the Google Cloud resource hierarchy?Easy Q02You need to enable the Compute Engine API in a new project using the command line. Which command ...Easy Q03You are setting up a new GCP environment. You need to grant a group of developers access to view ...Medium Q04You want to receive an email notification when your GCP spending exceeds $1000 this month. What s...Easy Q05You need to analyze your GCP billing data using complex SQL queries to understand cost trends acr...Medium

View all 50 questions →