Answer-first summary for fast verification
Answer: When creating the VM via the web console, specify the service account under the 'Identity and API Access' section.
Option A is the correct answer. When creating a VM via the web console, you can specify the service account under the 'Identity and API Access' section. This ensures that the VM uses the selected service account right from the start, avoiding the complexity and potential security risks associated with manually downloading and managing JSON private keys. Although the question suggests the VM is already created, the best practice is to specify the service account during VM creation to avoid additional steps and possible errors. If the VM is already created, you can stop it, change the service account, and then restart the VM.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You have deployed a virtual machine (VM) running Linux on Google Cloud. The VM needs to establish a connection to a Cloud SQL instance. To manage access securely, you have created a dedicated service account with the necessary permissions for the Cloud SQL instance. To ensure that the VM uses this newly created service account rather than the default Compute Engine service account, what steps should you take?
A
When creating the VM via the web console, specify the service account under the 'Identity and API Access' section.
B
Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account.
C
Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account.
D
Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json.
No comments yet.