Answer-first summary for fast verification
Answer: Assign a unique service account to each instance for precise access control.
**A** is correct because assigning distinct service accounts to each Compute Engine instance is a recommended practice for granular access control. This approach allows each instance to have specific roles and permissions, ensuring fine-grained management over resource and API access. **B** is incorrect because setting the service account name in metadata does not facilitate granular access control; metadata serves for configuration, not permission management. **C** is incorrect as updating an instance post-creation to add a service account is unnecessary when it can be specified at creation. The `gcloud compute instances update` command does not support service account assignment for permission purposes. **D** is incorrect for the same reason as B; metadata cannot be used to manage API access permissions. For more details, refer to [Google Cloud's documentation on service accounts](https://cloud.google.com/compute/docs/access/service-accounts#associating_a_service_account_to_an_instance).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your company has launched a social media app named ‘Pony’, which consists of multiple sub-applications deployed on Compute Engine within the same GCP project. What is the best method to assign specific permissions to each instance that interacts with Google Cloud APIs?
A
Assign a unique service account to each instance for precise access control.
B
Specify the service account name through instance metadata during creation.
C
Use the gcloud compute instances update command post-creation to assign a service account to each instance.
D
Post-creation, utilize the gcloud compute instances update command to add the service account name as instance metadata.
No comments yet.