You need to run a script on your local on-premises workstation that interacts with GCP APIs. The script needs to authenticate as a service account. Which TWO steps are required? (Select TWO)

Answer options:

Generate a JSON key for the service account.

Attach the service account to your local workstation.

Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the key file.

Run gcloud auth login with your personal account.

Enable Identity-Aware Proxy (IAP).

How to approach this question

Identify how external applications authenticate to GCP using service accounts.

Full Answer

Generate a JSON key for the service account. Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the key file.

When code runs outside of Google Cloud (like on an on-premises workstation), it cannot use the metadata server to get credentials. You must generate a Service Account Key (usually a JSON file), download it, and set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to the file path. Google Cloud client libraries automatically detect this variable and use the key to authenticate.

Common mistakes

Thinking you can 'attach' a service account to an on-prem machine.

Question 46 All questions Question 48

Practice the full GCP Associate Cloud Engineer Practice Exam 1

50 questions · hints · full answers · grading

More questions from this exam

Q01What is the highest level of the Google Cloud resource hierarchy?Easy Q02You need to enable the Compute Engine API in a new project using the command line. Which command ...Easy Q03You are setting up a new GCP environment. You need to grant a group of developers access to view ...Medium Q04You want to receive an email notification when your GCP spending exceeds $1000 this month. What s...Easy Q05You need to analyze your GCP billing data using complex SQL queries to understand cost trends acr...Medium

View all 50 questions →