Google Associate Cloud Engineer

Get started today

Ultimate access to all questions.

Explanation:

The correct answer is A because the VM needs to be granted permissions using a service account to communicate with Cloud Pub/Sub. This involves creating a new service account with the necessary Cloud Pub/Sub access and associating it with the instance.

Option B is incorrect because Cloud Pub/Sub does not support IP whitelisting; firewalls are applicable only to Compute Engines.
Option C is not the best choice as service accounts are designed for service-to-service communication, handling OAuth authentication internally.
Option D is incorrect because if the service account has no permissions, the instance will not be able to communicate with Cloud Pub/Sub, regardless of the access scope settings.

For more details, refer to the GCP documentation on Service Account Permissions.

Explanation:

Option B is incorrect because Cloud Pub/Sub does not support IP whitelisting; firewalls are applicable only to Compute Engines.
Option C is not the best choice as service accounts are designed for service-to-service communication, handling OAuth authentication internally.
Option D is incorrect because if the service account has no permissions, the instance will not be able to communicate with Cloud Pub/Sub, regardless of the access scope settings.

For more details, refer to the GCP documentation on Service Account Permissions.

Comments (0)

No comments yet.

To enable a Google Compute Engine virtual machine instance to connect to Google Cloud Pub/Sub, which method should you use to provision access for the application?

Real Exam

Create a new service account with Cloud Pub/Sub access and associate it with the instance

64.3%

Whitelist the Google Compute Engine virtual machine instance IP on the Cloud Pub/Sub firewall

7.1%

Build or leverage an OAuth-compatible access control system

7.1%

Create a new service account with no access and enable an access scope to allow Cloud Pub/Sub access for the instance

21.4%