Domain 5.2: Managing service accounts — GCP ACE Practice Question 45

How to approach this question

Apply the principle of least privilege using Service Accounts attached to VMs.

Full Answer

B.Create a custom Service Account, grant it the Storage Object Viewer role on the bucket, and attach the Service Account to the VM.✓ Correct

To securely grant a VM access to GCP resources, you should create a user-managed (custom) Service Account, grant it only the necessary IAM roles (e.g., Storage Object Viewer), and attach it to the VM. The application can then use Application Default Credentials (ADC) to automatically authenticate without needing to manage JSON keys.

Common mistakes

Using the default compute service account, or downloading JSON keys to the VM.

An application running on a Compute Engine VM needs to read files from a specific Cloud Storage bucket. You want to follow the principle of least privilege.

How should you grant the VM access to the bucket?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 3

More questions from this exam

An application running on a Compute Engine VM needs to read files from a specific Cloud Storage bucket. You want to follow the principle of least privilege. How should you grant the VM access to the bucket?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 3

More questions from this exam

An application running on a Compute Engine VM needs to read files from a specific Cloud Storage bucket. You want to follow the principle of least privilege.

How should you grant the VM access to the bucket?