Explanation:
The correct answer is C. To use a service account from one project (proj-sa) to perform actions, such as taking snapshots of VMs in another project (proj-vm), you need to grant the service account appropriate permissions in the target project. Specifically, you should grant the service account the IAM Role of Compute Storage Admin in the proj-vm project. This role has the permissions to create, modify, and delete disks, images, and snapshots, which are necessary to take snapshots of VMs.
Ultimate access to all questions.
You are managing all your service accounts within a project named ‘proj-sa’. You have another separate project called ‘proj-vm’ that contains VMs (Virtual Machines) that you need to take snapshots of. Your goal is to utilize a service account from the ‘proj-sa’ project to perform snapshot operations on the VMs residing in the ‘proj-vm’ project. What steps should you take to achieve this?
A
Download the private key from the service account, and add it to each VMs custom metadata.
B
Download the private key from the service account, and add the private key to each VM's SSH keys.
C
Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.
D
When creating the VMs, set the service account's API scope for Compute Engine to read/write.
No comments yet.