
Answer-first summary for fast verification
Answer: Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-storage.
The correct answer is B. Granting the VM's service account the Storage Object Creator role on corp-aggregate-reports-storage follows the principle of least privilege: the VM can create objects in that bucket, but it gets no permission to view, delete, or overwrite other objects. Because an IAM binding on a bucket can name a service account from a different project, the VM in corp-iot-insights can write to the bucket in corp-aggregate-reports without any change to the project hierarchy or network. This grants the necessary access while keeping the configuration secure and simple, as recommended by Google.
Author: LeetQuiz Editorial Team
An application running on a Compute Engine virtual machine (VM) generates daily reports. This VM resides in the project corp-iot-insights. Your team's operations are limited to the project corp-aggregate-reports, and you require the daily reports to be copied to a Cloud Storage bucket named corp-aggregate-reports-storage. What configuration steps should you follow to ensure that the daily reports generated by the VM are accessible in the bucket corp-aggregate-reports-storage, adhering to Google Cloud's best practices?
A. Move both projects under the same folder.
B. Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-storage.
C. Create a Shared VPC network between both projects. Grant the VM Service Account the role Storage Object Creator on corp-iot-insights.
D. Make corp-aggregate-reports-storage public and create a folder with a pseudo-randomized suffix name. Share the folder with the IoT team.