Answer-first summary for fast verification
Answer: Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.
The correct answer is C. To use a service account from one project (proj-sa) to perform actions, such as taking snapshots of VMs in another project (proj-vm), you need to grant the service account appropriate permissions in the target project. Specifically, you should grant the service account the IAM Role of Compute Storage Admin in the proj-vm project. This role has the permissions to create, modify, and delete disks, images, and snapshots, which are necessary to take snapshots of VMs.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are managing all your service accounts within a project named ‘proj-sa’. You have another separate project called ‘proj-vm’ that contains VMs (Virtual Machines) that you need to take snapshots of. Your goal is to utilize a service account from the ‘proj-sa’ project to perform snapshot operations on the VMs residing in the ‘proj-vm’ project. What steps should you take to achieve this?
A
Download the private key from the service account, and add it to each VMs custom metadata.
B
Download the private key from the service account, and add the private key to each VM's SSH keys.
C
Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.
D
When creating the VMs, set the service account's API scope for Compute Engine to read/write.
No comments yet.