Google Associate Cloud Engineer

Get started today

Ultimate access to all questions.

Explanation:

Option A is incorrect because using the default service account would grant Cloud Storage permissions to all instances using the same account, contrary to the requirement. Option B is incorrect as copying metadata does not restrict access to the new instance only. Option C is correct because creating a new service account ensures exclusive access for the new instance when granted Cloud Storage permissions. Option D is incorrect since metadata copying does not restrict access to the new instance only, despite the new service account creation.

Explanation:

Comments (0)

No comments yet.

You are tasked with deploying a third-party One Time Password (OTP) application service on Compute Engine. This service will send users an OTP upon sign-up. The application's installation files are stored in Cloud Storage. How can you ensure that only the new instance can access these installation files, without granting access to other already-configured instances?

Real Exam

Last updated: March 21, 2026 at 14:03

Use the default Compute Engine service account for the instance during creation. 2. Grant this service account permissions on Cloud Storage.

13.0%

Use the default Compute Engine service account for the instance during creation. 2. Copy the metadata from the Cloud Storage bucket to the new instance's metadata.

13.0%

Create a new service account for the instance during creation. 2. Grant this new service account permissions on Cloud Storage.

56.5%

Create a new service account for the instance during creation. 2. Copy the metadata from the Cloud Storage bucket to the new instance's metadata.

17.4%