Answer-first summary for fast verification
Answer: Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.
HipLocal needs to implement least privileged access using Cloud Client Libraries. API keys (Option A) do not provide authentication/authorization and are not suitable for least privilege. The default compute service account (Option B) has broad permissions, violating least privilege. Option D suggests creating multiple service accounts per API, which is unnecessary complexity. The correct approach is Option C: create a dedicated service account with minimal roles, export the private key (required for on-premises components in their hybrid environment), and use it for authentication. This ensures least privilege by granting only necessary permissions and adheres to Google's best practices for secure credential management in mixed environments.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
HipLocal's application uses Cloud Client Libraries to interact with Google Cloud. To implement least-privileged access for the application, how should HipLocal configure authentication and authorization in the Cloud Client Libraries?
(Note: The question assumes familiarity with the HipLocal case study context provided earlier.)
A
Create an API key. Use the API key to interact with Google Cloud.
B
Use the default compute service account to interact with Google Cloud.
C
Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.
D
Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.
No comments yet.