Medium · 1 mark · Multiple Choice
Domain 5.2: Managing service accounts · Domain 5 · Service Accounts · IAM · Cross-Project

GCP ACE · Question 47 · Domain 5.2: Managing service accounts

You have a Compute Engine VM running in Project A. The application on this VM needs to write data to a BigQuery dataset located in Project B.

Which TWO steps must you take to configure this cross-project access securely? (Select TWO)

Answer options:

A. Attach a service account to the VM in Project A

B. Grant that service account the roles/bigquery.dataEditor role in Project B

C. Create a service account in Project B and attach it to the VM in Project A

D. Download a JSON key for a service account in Project B and store it on the VM in Project A

E. Set up VPC Network Peering between Project A and Project B

How to approach this question

Understand how IAM works across projects. The identity lives in one project, and the permission is granted in the other.

Full Answer

Attach a service account to the VM in Project A
Grant that service account the roles/bigquery.dataEditor role in Project B

To enable cross-project access, you use IAM. First, you ensure the VM in Project A runs as a specific service account (e.g., `app-sa@project-a.iam.gserviceaccount.com`). Then, you go to Project B (where BigQuery is), open IAM, and grant that specific email address the required role (e.g., `roles/bigquery.dataEditor`). GCP handles the cross-project authentication automatically.

Common mistakes

Thinking you need VPC peering for API access, or resorting to downloading JSON keys.
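An added example, not part of the original question or of any Google tooling: a Python check over constructed data shaped like `gcloud ... --format=json` output, confirming that the VM's identity lives in Project A, that the role is granted in Project B, and that no downloaded JSON key exists for the account. It assumes a user-created service account and a project-level binding; the function name, VM name, key ids and sample policies are constructed for illustration.

```python
# Constructed sample data, shaped like `--format=json` output of
# `gcloud compute instances describe`, `gcloud projects get-iam-policy`
# and `gcloud iam service-accounts keys list`.
SA = "app-sa@project-a.iam.gserviceaccount.com"
VM_PROJECT_A = {"name": "app-vm", "serviceAccounts": [{"email": SA}]}
POLICY_PROJECT_B = {"bindings": [
    {"role": "roles/bigquery.dataEditor", "members": [f"serviceAccount:{SA}"]},
    {"role": "roles/viewer", "members": ["user:analyst@example.com"]},
]}
KEYS_APP_SA = [{"name": f"projects/project-a/serviceAccounts/{SA}/keys/constructed-key-1",
                "keyType": "SYSTEM_MANAGED"}]


def audit_cross_project(vm, policy_b, keys, home_project, role):
    """Hypothetical helper: return findings; an empty list means the setup is as intended."""
    accounts = vm.get("serviceAccounts", [])
    if not accounts:
        return ["VM has no service account attached"]
    findings = []
    email = accounts[0]["email"]
    # The identity lives in the VM's own project (Project A).
    # Assumption: a user-created account, named <id>@<project>.iam.gserviceaccount.com.
    if not email.endswith(f"@{home_project}.iam.gserviceaccount.com"):
        findings.append(f"{email} is not a service account of {home_project}")
    # The permission is granted in the other project (Project B).
    member = f"serviceAccount:{email}"
    granted = {b["role"] for b in policy_b.get("bindings", [])
               if member in b.get("members", [])}
    if role not in granted:
        findings.append(f"{member} lacks {role} in the target project")
    for extra in sorted(granted - {role}):
        findings.append(f"{member} also holds {extra}; review for least privilege")
    # A downloaded JSON key appears as a USER_MANAGED key on the account.
    for key in keys:
        if key.get("keyType") == "USER_MANAGED":
            key_id = key.get("name", "?").rsplit("/", 1)[-1]
            findings.append(f"user-managed key present: {key_id}")
    return findings


if __name__ == "__main__":
    print(audit_cross_project(VM_PROJECT_A, POLICY_PROJECT_B, KEYS_APP_SA,
                              "project-a", "roles/bigquery.dataEditor"))
```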
