Answer-first summary for fast verification
Answer: Create a new service account with Cloud Pub/Sub access and associate it with the instance
The correct answer is **A** because the VM needs to be granted permissions using a service account to communicate with Cloud Pub/Sub. This involves creating a new service account with the necessary Cloud Pub/Sub access and associating it with the instance. - **Option B** is incorrect because Cloud Pub/Sub does not support IP whitelisting; firewalls are applicable only to Compute Engines. - **Option C** is not the best choice as service accounts are designed for service-to-service communication, handling OAuth authentication internally. - **Option D** is incorrect because if the service account has no permissions, the instance will not be able to communicate with Cloud Pub/Sub, regardless of the access scope settings. For more details, refer to the [GCP documentation on Service Account Permissions](https://cloud.google.com/docs).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
To enable a Google Compute Engine virtual machine instance to connect to Google Cloud Pub/Sub, which method should you use to provision access for the application?
A
Create a new service account with Cloud Pub/Sub access and associate it with the instance
B
Whitelist the Google Compute Engine virtual machine instance IP on the Cloud Pub/Sub firewall
C
Build or leverage an OAuth-compatible access control system
D
Create a new service account with no access and enable an access scope to allow Cloud Pub/Sub access for the instance