
An application running on a Compute Engine instance needs to access data in a Cloud Storage bucket. Your team's policy prohibits globally readable buckets and requires adherence to the principle of least privilege.
Which is the correct approach to meet this requirement?
A. Create a Cloud Storage ACL that allows read-only access from the Compute Engine instance's IP address and allows the application to read from the bucket without credentials.
B. Use a service account with read-only access to the Cloud Storage bucket, and store the credentials to the service account in the config of the application on the Compute Engine instance.
C. Use a service account with read-only access to the Cloud Storage bucket to retrieve the credentials from the instance metadata.
D. Encrypt the data in the Cloud Storage bucket using Cloud KMS, and allow the application to decrypt the data with the KMS key.