You manage a Google Cloud project (Project A) that is protected by a VPC Service Controls perimeter, which is currently blocking all API access, including Pub/Sub. A service account from a different, unprotected project (Project B) needs to consume messages from a Pub/Sub topic in Project A. You must grant this access following the principle of least privilege. What should you do? | Google Professional Cloud Security Engineer Quiz