In your role as a Google Cloud Engineer, you are tasked with setting up service accounts for an application that operates across several projects within Google Cloud Platform (GCP). Specifically, you need to configure virtual machines (VMs) within a project named web-applications so that they can access BigQuery datasets located in another project called crm-databases. To adhere to Google's recommended best practices for this configuration, what steps should you take to properly grant the needed access to the service account associated with the web-applications project?
Explanation:
The correct answer is D. This follows the principle of least privilege, which is a Google-recommended best practice. Granting the service account from the web-applications project the roles/bigquery.dataViewer role in the crm-databases project gives it the permissions it needs to access the BigQuery datasets without over-privileged access. Granting 'project owner' roles, as suggested in other options, would provide far-reaching permissions beyond what's needed for this specific task.