Answer-first summary for fast verification
Answer: Use the instance's service account Application Default Credentials to authenticate to the required resources.
The correct approach is to leverage the built-in service account credentials provided by Compute Engine. Application Default Credentials (ADC) automatically use the service account attached to the instance, avoiding the need to manually distribute or store credential files. This method is secure as credentials are managed by GCP's metadata server and are not exposed on disk. - **Option A** (HTTP signed URLs) is incorrect because signed URLs grant temporary access to specific resources (e.g., Cloud Storage objects), not service account authentication. - **Option C** (P12 file) is insecure due to manual credential handling and outdated key formats. - **Option D** (committing credentials to source) violates security best practices by exposing credentials in repositories. - **Option B** (ADC) aligns with GCP best practices, ensuring secure, automatic authentication without credential file management.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can you securely distribute service account credentials to Compute Engine VM instances for authenticating with GCP products?
A
Use HTTP signed URLs to securely provide access to the required resources.
B
Use the instance's service account Application Default Credentials to authenticate to the required resources.
C
Generate a P12 file from the GCP Console after the instance is deployed, and copy the credentials to the host instance before starting the application.
D
Commit the credential JSON file into your application's source repository, and have your CI/CD process package it with the software that is deployed to the instance.
No comments yet.