Domain 5.2: Managing service accounts

What is the primary purpose of a Google Cloud Service Account?

An application running on a Compute Engine VM needs to read files from a Cloud Storage bucket. What is the MOST secure way to grant the VM access to the bucket?

You need to run a script on your local on-premises workstation that interacts with GCP APIs. The script needs to authenticate as a service account. Which TWO steps are required? (Select TWO)

What is the primary purpose of a Service Account in Google Cloud?

You have an application running on a Compute Engine instance. The application needs to read files from a Cloud Storage bucket. You want to follow security best practices. How should you grant the application access to the bucket?

You have a CI/CD pipeline running in 'Project-A'. The pipeline needs to deploy a Cloud Function into 'Project-B'. The pipeline authenticates using a Service Account located in 'Project-A'. Which TWO steps are required to allow the pipeline to deploy the function? (Select TWO)

An application running on a Compute Engine VM needs to read files from a specific Cloud Storage bucket. You want to follow the principle of least privilege. How should you grant the VM access to the bucket?

You have an application running on an on-premises server (outside of Google Cloud) that needs to publish messages to a Cloud Pub/Sub topic. You have created a Service Account with the necessary Pub/Sub Publisher role. How should the on-premises application authenticate as this Service Account?

You have two GCP projects: 'Project-App' and 'Project-Data'. A Compute Engine VM in 'Project-App' needs to read data from a Cloud Storage bucket located in 'Project-Data'. Which TWO steps are required to configure this cross-project access securely? (Select TWO)

What is the primary purpose of a Service Account in Google Cloud?

You have an application running on a Compute Engine VM that needs to read files from a specific Cloud Storage bucket. What is the MOST secure way to grant the VM access to the bucket?

You have an application running on-premises (outside of GCP) that needs to write data to Cloud Pub/Sub. You have created a service account for this application and generated a JSON key file. Which TWO practices should you follow to secure this service account key? (Select TWO)

When you enable the Compute Engine API in a new project, a default service account is automatically created. What is the standard email address format for the default Compute Engine service account?

You are deploying a custom application on a Compute Engine VM. The application needs to read configuration files from a specific Cloud Storage bucket. What is the MOST secure way to grant the VM access to the bucket?

You have a Compute Engine VM running in `Project A`. The application on this VM needs to write data to a BigQuery dataset located in `Project B`. Which TWO steps must you take to configure this cross-project access securely? (Select TWO)

What is the primary purpose of a Service Account in Google Cloud?

You are deploying an application on a Compute Engine instance. The application needs to write logs to Cloud Logging and read configuration files from a specific Cloud Storage bucket. What is the MOST secure way to grant the application these permissions?

You have two projects: 'Project A' (where your Compute Engine VMs run) and 'Project B' (where your BigQuery datasets reside). The VMs in Project A need to run queries against the datasets in Project B. Which TWO steps are required to configure this cross-project access securely? (Select TWO)

You have an application running on a Compute Engine VM that needs to read files from a specific Cloud Storage bucket. What is the most secure way to grant the application access to the bucket?

When you create a new Compute Engine instance without specifying a service account, it automatically uses the Compute Engine default service account. What primitive IAM role is granted to this default service account by default?

You have an application running on a VM in 'Project A'. The application needs to write data to a BigQuery dataset located in 'Project B'. Which TWO steps are required to configure this access securely? (Select TWO)