Answer-first summary for fast verification
Answer: Create a new service account and assign this service account to the new instance. Grant the service account permissions on Cloud Storage.
The correct answer is C. To ensure that only the new instance can access the files in Cloud Storage without allowing access to other VMs, you should create a new service account specifically for the new instance. By doing this, you can grant permissions on Cloud Storage specifically to the new service account. This approach isolates the permissions to the new instance and ensures other instances with the default service account do not have access to the Cloud Storage files. Option A would allow all instances with the default service account to access the files, which is not desired in this scenario.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
As a Google Associate Cloud Engineer, you are tasked with managing a third-party application that will run on a new Compute Engine instance. The existing Compute Engine instances in your environment are configured with default settings. The installation files for this application are currently stored in Cloud Storage. Your objective is to configure the new instance to access these installation files from Cloud Storage while ensuring that no other virtual machines (VMs) in your environment can access these files. What steps should you take to achieve this?
A
Create the instance with the default Compute Engine service account. Grant the service account permissions on Cloud Storage.
B
Create the instance with the default Compute Engine service account. Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.
C
Create a new service account and assign this service account to the new instance. Grant the service account permissions on Cloud Storage.
D
Create a new service account and assign this service account to the new instance. Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.
No comments yet.