Explanation:
Correct Answer: B - Assigning the Storage Object Creator role to the VM Service Account on 'corp-total-analysis-storage' is the most efficient and secure method to allow the VM to write daily exports to the specified bucket, adhering to Google's recommended practices.
Why not A? Merging projects under the same folder is unnecessary for configuring access and doesn't directly address the requirement.
Why not C? A Shared VPC network is irrelevant for Cloud Storage access, making this option ineffective.
Why not D? Making the bucket public poses significant security risks and is not recommended.
For more details, refer to Google Cloud Storage IAM roles.
Ultimate access to all questions.
As a member of the business intelligence engineering department, you're collaborating on a Business Intelligence Dashboard for company directors. The data team uses a CRON job on a VM in the 'corp-data-analysis' project to generate daily reports. Your team, working on the dashboard's frontend, needs access to these daily exports in the 'corp-total-analysis-storage' bucket within the 'corp-total-analysis' project. What's the most efficient way to configure access for these exports, following Google's best practices?
A
Merge both projects under a single folder.
B
Grant the VM Service Account the Storage Object Creator role on 'corp-total-analysis-storage'.
C
D
No comments yet.