Domain 5.2: Managing service accounts — GCP ACE Practice Question 44

How to approach this question

Identify the most secure way for a VM to authenticate to GCP services.

Full Answer

C.Create a custom service account, grant it the 'Storage Object Viewer' role, and attach it to the Compute Engine instance.✓ Correct

The best practice for granting a VM access to GCP services is to attach a Service Account to the VM. The application can then use Application Default Credentials (ADC) to automatically fetch short-lived access tokens from the VM's metadata server. This eliminates the need to download and manage static service account keys.

Common mistakes

Choosing to download a JSON key file. This is an anti-pattern when running code on GCP compute resources.

You have an application running on a Compute Engine instance. The application needs to read files from a Cloud Storage bucket. You want to follow security best practices.

How should you grant the application access to the bucket?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 2

More questions from this exam

You have an application running on a Compute Engine instance. The application needs to read files from a Cloud Storage bucket. You want to follow security best practices. How should you grant the application access to the bucket?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 2

More questions from this exam

You have an application running on a Compute Engine instance. The application needs to read files from a Cloud Storage bucket. You want to follow security best practices.

How should you grant the application access to the bucket?