Answer-first summary for fast verification
Answer: Generate and download a key for a service account with the least privileges necessary for the required services, then use this key within the application for authentication.
The correct approach is **A** because service accounts allow applications to securely authenticate and interact with Google Cloud APIs. According to GCP documentation, for applications running outside of GCP (like on-premises), a service account's identity must be established using a public/private key pair. This key pair is generated and downloaded upon creation, with the private key needing secure storage and accessibility for the application to make authenticated API calls. Options **B** and **C** are incorrect as default service accounts lack the necessary permissions and are not available for on-premises deployments. Option **D**, while functional, violates the principle of least privilege by granting editor-level permissions unnecessarily and still requires a key for on-premises use.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your team has developed an application requiring access to both Cloud Storage and BigQuery. This application is containerized and will be deployed on Kubernetes Engine as well as on-premises. What is the most secure and efficient method for the application to authenticate with Google Cloud services?
A
Generate and download a key for a service account with the least privileges necessary for the required services, then use this key within the application for authentication.
B
Utilize the default service account provided for App Engine, assuming it has the necessary permissions.
C
Rely on the default service account for Compute Engine, assuming it has the necessary permissions.
D
Create a service account with editor-level permissions, generate and download a key, and use this key for authentication within the application.
No comments yet.