When deploying an application on a Compute Engine instance that communicates with Cloud SQL using Cloud SQL Proxy, what is the Google-recommended best practice for assigning the minimum required access to the service account associated with the instance?
Explanation:
The principle of least privilege requires granting only the minimum necessary permissions. The Cloud SQL Client role (C) provides the cloudsql.instances.connect and cloudsql.instances.get permissions, which are required to establish a connection via Cloud SQL Proxy. The Project Editor (A) and Project Owner (B) roles are overly broad, granting full project access. The Cloud SQL Editor role (D) allows modifying database structures (e.g., tables), which is unnecessary for basic connectivity. Thus, the correct choice is C.