Answer-first summary for fast verification
Answer: Specify the service account under the ‘Identity and API Access‘ section by creating the VM via the web console.
Option A is correct because assigning the service account to the VM during its creation via the web console under the ‘Identity and API Access‘ section allows applications running on the VM to automatically use the application-default credentials without further configurations. This method ensures the VM has the necessary access rights to connect to Cloud SQL using the specified service account. Options B, C, and D are incorrect due to reasons such as the irrelevance of the 'compute-engine-service-account' key in project or VM metadata for granting access rights, and the security risks and inefficiency associated with manually handling service account JSON keys. It's crucial to handle service account keys with care to avoid compromising your infrastructure.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your web-development company, established in the early 2000s and currently self-hosted, is in the process of migrating its web application from on-premises servers to Google Cloud Platform (GCP). The application utilizes My-SQL as its database. You've determined that running the application on a Linux VM and connecting to a My-SQL instance on Cloud SQL is feasible. The security team has provided a service account with the necessary access rights for this migration. You are instructed to use this service account for connecting to Cloud SQL, instead of the default Compute Engine Service account. What steps should you take?
A
Specify the service account under the ‘Identity and API Access‘ section by creating the VM via the web console.
B
Download a JSON Private Key for the service account and add that JSON as the value for the key compute-engine-service-account on the Project Metadata.
C
Download a JSON Private Key for the service account and add that JSON as the value for the key compute-engine-service-account on the Custom Metadata of the VM.
D
Download a JSON Private Key for the service account and, after creating the VM, ssh into the VM to save the JSON under ~/.gcloud/compute-engine-service-account.json.
No comments yet.