Practice Test 1 | Google Cloud Certified Associate Cloud Engineer | Dumps | Mock Test
Someone from a different team has approached you that he is working on a web application hosted on Google Cloud VM which needs view access to Google Cloud Storage service. Which of the following is the best approach?
A. Create a custom service account with Google Cloud Storage Viewer role, and attach it to the VM instance.
B. Create a custom service account with Google Cloud Storage Viewer role, create a JSON key pair, and provide it to him.
C. VM Instances by default have read access to Google Cloud Storage service, so nothing needs to be done.
D. Create an IAM user for him with Google Cloud Storage, create a JSON key pair, and provide it to him.
Explanation:
Correct Answer – C
C is correct: Each VM has a default service account attached which gives VM read access to Storage service.
A is incorrect: You can do this but is not the best approach as by default VM has read access to Storage service.
B is incorrect: This should not be implemented as it is very risky to use key pairs when other much-secured ways are available like attaching the service account to VM instance instead of creating a key pair.
D is incorrect: Creation of JSON key pair for IAM user is not supported at the time of writing this question.
Reference:
https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_default_service_account
Comments are closed, but trackbacks and pingbacks are open.