
Answer-first summary for fast verification
Answer: Assign the appropriate Cloud Pub/Sub IAM roles to the VM service accounts.
The correct approach is to grant the VM service accounts the appropriate Cloud Pub/Sub IAM roles (Option C). This method leverages service accounts for secure, server-to-server authentication, aligning with Google's recommendations. Service accounts are designed for scenarios where applications interact with Google Cloud services on their own behalf, not on behalf of individual users. This setup ensures that the application can securely access Cloud Pub/Sub without exposing sensitive credentials. Options A, B, and D either introduce unnecessary complexity or misapply the principles of service account and IAM role management, making them less optimal or incorrect for this scenario.
Author: LeetQuiz Editorial Team
To securely authenticate your application's VMs to Google Cloud services like Cloud Pub/Sub for processing sensitive transaction data, what approach does Google recommend?
A. Encrypt an OAuth2 access token for Cloud Pub/Sub and store it in Cloud Storage for VM access.
B. Implement a Cloud Function as a gateway to Cloud Pub/Sub, assigning the necessary IAM roles to the Cloud Function's service account.
C. Assign the appropriate Cloud Pub/Sub IAM roles to the VM service accounts.
D. Use VM access scopes to grant Cloud Pub/Sub IAM roles, ensuring VM service accounts do not have direct access.