Answer-first summary for fast verification
Answer: For the application server, set up a service account.
The Google-recommended practice for setting up Identity and Access Management (IAM) in this scenario involves using service accounts for applications running on Compute Engine machines. Service accounts provide a secure and manageable way to grant permissions to applications, allowing them to access Cloud SQL instances without the need for user account credentials. This approach is more secure than using shared user accounts (options A and D) because it minimizes the risk of credential exposure and allows for more granular permission management. Setting up a dedicated user account for each application code (option B) is not scalable and complicates credential management. Therefore, the correct action is to set up a service account for the application server (option C), which aligns with Google's best practices for security and efficiency.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
What is the recommended Google-recommended practice for setting up IAM quickly and securely when deploying a new Cloud SQL instance accessed via the Cloud SQL Auth proxy from application code running on a Compute Engine VM?
A
For each application code, set up a common shared user account.
B
For each application code, set up a dedicated user account.
C
For the application server, set up a service account.
D
For the application server, set up a common shared user account.
No comments yet.