Answer-first summary for fast verification
Answer: Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
The correct answer is C because it aligns with Google Cloud's best practices for service account key management. For on-premises infrastructure accessing Google Cloud services, user-managed service account keys are required since GCP-managed keys cannot be downloaded and used externally. For GCE VMs running within Google Cloud, GCP-managed keys are preferred as they are automatically rotated, more secure, and require no manual key management. Option A is incorrect because provisioning service account keys for GCE VMs is unnecessary and less secure than using GCP-managed keys. Option B is incorrect as user accounts should not be used for service authentication due to security risks and lack of automated key rotation. Option D is overly complex and unnecessary, as custom authentication services are not required when standard service account mechanisms are available. The community discussion strongly supports C with high upvotes and references to official Google documentation.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
JencoMart is migrating user profile storage to Google Cloud Datastore and application servers to Google Compute Engine (GCE). The existing on-premises infrastructure requires access to Datastore to upload data during the migration. What service account key-management strategy should you recommend?
A
Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs)
B
Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs
C
Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
D
Deploy a custom authentication service on GCE/Google Kubernetes Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs