You are developing an internal App Engine application that requires access to a user's Google Drive without relying on the user's credentials. Your organization wants to adhere to Google's recommended practices. What should you do?

Exam-Like

Create a new Service account, and give all application users the role of Service Account User.

Create a new Service account, and add all application users to a Google Group. Give this group the role of Service Account User.

Use a dedicated G Suite Admin account, and authenticate the application's operations with these G Suite credentials.

Create a new service account, and grant it G Suite domain-wide delegation. Have the application use it to impersonate the user.

Google Professional Cloud Security Engineer