
Answer-first summary for fast verification
Answer: Create a new service account and key with the required limited permissions. Set the instance to use the new service account. Edit the code to use the service account key.
The correct answer is **C**. Creating a new service account with the necessary roles for accessing Cloud Storage and Bigtable ensures the application adheres to the principle of least privilege. This service account should have only the permissions essential for its tasks. Assigning this service account to the Compute Engine instance and configuring the application to authenticate with it guarantees that the application operates with the minimum necessary permissions. This method is more secure and efficient than the approaches suggested in the other options, which manage credentials manually or use broader permissions than needed.
Author: LeetQuiz Editorial Team
When deploying an application to a Compute Engine instance that needs to access Cloud Storage and Bigtable, how can you ensure the application follows the principle of least privilege for authentication?
A. Register the application with the Binary Registration Service and apply the required roles.
B. Use the default Compute Engine service account and set its scopes. Let the code find the default service account using Application Default Credentials.
C. Create a new service account and key with the required limited permissions. Set the instance to use the new service account. Edit the code to use the service account key.
D. Create a new user account with the required roles. Store the credentials in Cloud Key Management Service and download them to the instance in code.