Answer-first summary for fast verification
Answer: Establish a service account with roles necessary for the data transformation programs, and utilize Google managed keys for storing the service account keys.
The correct approach involves using a service account, not a user identity or group. Assign the necessary roles to the service account for executing the data transformation programs. Google managed keys are recommended for managing service accounts, whereas Secret Manager is intended for secrets like usernames and passwords. For more details, refer to [Google Cloud's authentication best practices](https://cloud.google.com/docs/authentication/production).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
When developing a data pipeline on Compute Engine virtual machines for data transformation, and aiming to avoid using personal credentials for authentication and authorization, what is the Google Cloud recommended practice?
A
Create a Gmail account, use it to establish an IAM group, and store the group's password in Secret Manager.
B
Establish a service account with roles necessary for the data transformation programs, and utilize Google managed keys for storing the service account keys.
C
Set up a service account with required roles for the data transformation programs, and store the service account keys in Secret Manager.
D
Create a Gmail account, use it to create an IAM user, and store the account's password in Secret Manager.
No comments yet.