Answer-first summary for fast verification
Answer: Grant the VM Service Account the Storage Object Creator role on 'corp-total-analysis-storage'.
**Correct Answer: B** - Assigning the Storage Object Creator role to the VM Service Account on 'corp-total-analysis-storage' is the most efficient and secure method to allow the VM to write daily exports to the specified bucket, adhering to Google's recommended practices. **Why not A?** Merging projects under the same folder is unnecessary for configuring access and doesn't directly address the requirement. **Why not C?** A Shared VPC network is irrelevant for Cloud Storage access, making this option ineffective. **Why not D?** Making the bucket public poses significant security risks and is not recommended. For more details, refer to [Google Cloud Storage IAM roles](https://cloud.google.com/storage/docs/access-control/iam-roles#standard-roles).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
As a member of the business intelligence engineering department, you're collaborating on a Business Intelligence Dashboard for company directors. The data team uses a CRON job on a VM in the 'corp-data-analysis' project to generate daily reports. Your team, working on the dashboard's frontend, needs access to these daily exports in the 'corp-total-analysis-storage' bucket within the 'corp-total-analysis' project. What's the most efficient way to configure access for these exports, following Google's best practices?
A
Merge both projects under a single folder.
B
Grant the VM Service Account the Storage Object Creator role on 'corp-total-analysis-storage'.
C
D
No comments yet.