Answer-first summary for fast verification
Answer: Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to act as the new service account.
The principle of least privilege requires granting minimal necessary permissions. Using a custom IAM role ensures the service account has only the permissions it needs, adhering to this principle. The deployer must have the permission to act as the new service account to assign it to the Cloud Function during deployment. Therefore, the correct approach is to create a new service account with a custom IAM role for accessing the resources and grant the deployer the permission to act as this service account.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can you apply the principle of least privilege to secure a Cloud Function that interacts with other Google Cloud resources?
A
Create a new service account that has Editor authority to access the resources. The deployer is given permission to get the access token.
B
Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to get the access token.
C
Create a new service account that has Editor authority to access the resources. The deployer is given permission to act as the new service account.
D
Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to act as the new service account.
No comments yet.