Hard · 1 mark · Multiple Choice
Domain 5.2: Managing service accounts · Service Accounts · Cross-Project · IAM · BigQuery

GCP ACE · Question 47 · Domain 5.2: Managing service accounts

You have an application running on a VM in 'Project A'. The application needs to write data to a BigQuery dataset located in 'Project B'.

Which TWO steps are required to configure this access securely? (Select TWO)

Answer options:

A. Attach a service account to the VM in Project A.

B. In Project B, grant that service account the 'BigQuery Data Editor' role.

C. Create a VPC peering connection between Project A and Project B.

D. Download the service account key from Project B and place it on the VM in Project A.

E. Enable the BigQuery API in Project A.

How to approach this question

Understand how cross-project IAM works with service accounts.

Full Answer

A. Attach a service account to the VM in Project A.
B. In Project B, grant that service account the 'BigQuery Data Editor' role.

Service accounts can be granted access to resources in other projects. To allow a VM in Project A to access BigQuery in Project B, you attach a service account to the VM in Project A. Then, you go to Project B's IAM settings and add that service account's email address, granting it the necessary role (e.g., BigQuery Data Editor). No keys need to be downloaded.

Common mistakes

Thinking you have to download keys to cross project boundaries. IAM natively supports cross-project bindings.
