Hard · 1 mark · Multiple Choice
Domain 5.2: Managing service accounts · Domain 5.2 · Service Accounts · Authentication · JSON Keys

GCP ACE · Question 46 · Domain 5.2: Managing service accounts

You have an application running on an on-premises server (outside of Google Cloud) that needs to publish messages to a Cloud Pub/Sub topic. You have created a Service Account with the necessary Pub/Sub Publisher role.

How should the on-premises application authenticate as this Service Account?

Answer options:

A. Attach the Service Account to the on-premises server using the Cloud Console.

B. Generate a JSON key for the Service Account, securely store it on the on-premises server, and set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the file.

C. Configure the on-premises server to use Identity-Aware Proxy (IAP).

D. Use the gcloud auth login command on the server to log in with your personal Google account.

How to approach this question

Understand how external (non-GCP) applications authenticate to GCP APIs.

Full Answer

B. Generate a JSON key for the Service Account, securely store it on the on-premises server, and set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the file. ✓ Correct
When an application runs outside of GCP (e.g., on-premises or in AWS), it cannot automatically use an attached service account. You must generate a Service Account Key (usually a JSON file), place it securely on the external server, and set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable. The GCP client libraries will automatically find and use this key.

Common mistakes

Thinking you can 'attach' a service account to an on-prem server just like a GCP VM.
