
Answer-first summary for fast verification
Answer: Grant the read-only privilege to the service account for the Cloud Storage bucket.
The automation uses a service account for authentication. To retrieve files from Cloud Storage, the service account requires read access to the bucket. Granting read-only privileges (e.g., roles/storage.objectViewer) aligns with the least privilege principle. Options A and B involve user account roles unrelated to Cloud Storage access. Option D grants overly broad permissions (cloud-platform), violating least privilege. Option C directly addresses the need with minimal permissions.
Author: LeetQuiz Editorial Team
You are extending an existing automation that uses a service account for authentication. The automation needs to retrieve files from a Cloud Storage bucket while adhering to the principle of least privilege. What should you do?
A. Grant the compute.instanceAdmin to your user account.
B. Grant the iam.serviceAccountUser to your user account.
C. Grant the read-only privilege to the service account for the Cloud Storage bucket.
D. Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.