You have a Python application running in production on Cloud Run that needs to read and write data from a Cloud Storage bucket in the same project. How do you grant the application access while adhering to the principle of least privilege?

Exam-Like

Create a user-managed service account with a custom Identity and Access Management (IAM) role.

61.9%

Create a user-managed service account with the Storage Admin Identity and Access Management (IAM) role.

23.8%

Create a user-managed service account with the Project Editor Identity and Access Management (IAM) role.

9.5%

Use the default service account linked to the Cloud Run revision in production.

4.8%

Google Professional Cloud Developer