Answer-first summary for fast verification
Answer: Ensure that VM service accounts are granted the appropriate Cloud Pub/Sub IAM roles.
The Google-recommended way for your application to authenticate to Cloud Pub/Sub and other Google Cloud services when running on Compute Engine VMs is to use VM service accounts. VM service accounts are automatically created when you create a Compute Engine VM, and they are associated with the VM instance. To authenticate to Cloud Pub/Sub and other Google Cloud services, you should ensure that the VM service accounts are granted the appropriate IAM roles. This approach is secure, simplifies authentication and authorization management, and leverages the built-in IAM capabilities of Google Cloud. Hence, the correct answer is A: Ensure that VM service accounts are granted the appropriate Cloud Pub/Sub IAM roles.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your company deals with highly sensitive financial transaction data. This data needs to be securely pushed from application server VMs to Google Cloud Pub/Sub for subsequent processing and storage. You need to ensure that the application running on these VMs can authenticate to Google Cloud services in a secure manner. What is the Google-recommended way for your application to authenticate to the required Google Cloud services?
A
Ensure that VM service accounts are granted the appropriate Cloud Pub/Sub IAM roles.
B
Ensure that VM service accounts do not have access to Cloud Pub/Sub, and use VM access scopes to grant the appropriate Cloud Pub/Sub IAM roles.
C
Generate an OAuth2 access token for accessing Cloud Pub/Sub, encrypt it, and store it in Cloud Storage for access from each VM.
D
Create a gateway to Cloud Pub/Sub using a Cloud Function, and grant the Cloud Function service account the appropriate Cloud Pub/Sub IAM roles.
No comments yet.