Topic 1 Question 133
An application generates daily reports in a Compute Engine virtual machine (VM). The VM is in the project corp-iot-insights. Your team operates only in the project corp-aggregate-reports and needs a copy of the daily exports in the bucket corp-aggregate-reports-storage. You want to configure access so that the daily reports from the VM are available in the bucket corp-aggregate-reports-storage and use as few steps as possible while following Google-recommended practices. What should you do?
A. Move both projects under the same folder.
B. Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-storage.
C. Create a Shared VPC network between both projects. Grant the VM Service Account the role Storage Object Creator on corp-iot-insights.
D. Make corp-aggregate-reports-storage public and create a folder with a pseudo-randomized suffix name. Share the folder with the IoT team.
Comments (17)
Correct Answer is (B):
Predefined roles: The following table describes Identity and Access Management (IAM) roles that are associated with Cloud Storage and lists the permissions that are contained in each role. Unless otherwise noted, these roles can be applied either to entire projects or specific buckets.
Storage Object Creator (roles/storage.objectCreator) Allows users to create objects. Does not give permission to view, delete, or overwrite objects.
https://cloud.google.com/storage/docs/access-control/iam-roles#standard-roles
👍 32 ESP_SAP 2020/08/21
I think it is B
👍 13 francisco_guerra 2020/08/09
- Selected answer: B
You should be able to add a service account to another project:
Create the first service account in project A in the Cloud Console. Activate it using gcloud auth activate-service-account.
In the Cloud Console, navigate to project B. Find the "IAM & admin" > "IAM" page. Click the "Add" button. In the "New members" field paste the name of the service account (it should look like a strange email address) and give it the appropriate role.
Run gcloud commands with --project set to project B. They should succeed (I just manually verified that this will work).
Automatic creation of service accounts is something that we're hesitant to do until we can work through all of the security ramifications.
👍 4 [Removed] 2022/01/26
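The following is an added example, not part of the original question or comments: a check that a bucket IAM policy (the JSON shape returned by `gcloud storage buckets get-iam-policy gs://corp-aggregate-reports-storage --format=json`) grants the VM service account only Storage Object Creator and exposes nothing publicly. The service account email, the group address and both sample policies are constructed for illustration.

```python
# Role named on the page: create objects only, no view/delete/overwrite.
EXPECTED_ROLE = "roles/storage.objectCreator"
# Special IAM members that make a bucket public (the risk in option D).
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def audit_bucket_policy(policy, service_account):
    """Return a list of findings for one parsed bucket IAM policy."""
    member = "serviceAccount:" + service_account
    findings, sa_roles = [], set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        members = set(binding.get("members", []))
        for public in sorted(members & PUBLIC_MEMBERS):
            findings.append(f"PUBLIC: {public} holds {role}")
        if member in members:
            sa_roles.add(role)
    if EXPECTED_ROLE not in sa_roles:
        findings.append(f"MISSING: {member} lacks {EXPECTED_ROLE}")
    for role in sorted(sa_roles - {EXPECTED_ROLE}):
        findings.append(f"EXCESS: {member} also holds {role}")
    return findings

# Hypothetical user-managed service account attached to the reporting VM.
VM_SA = "report-vm@corp-iot-insights.iam.gserviceaccount.com"

# Constructed policy: cross-project grant scoped to the bucket, least privilege.
GOOD_POLICY = {"version": 1, "bindings": [
    {"role": "roles/storage.objectCreator",
     "members": ["serviceAccount:" + VM_SA]},
    {"role": "roles/storage.objectViewer",
     "members": ["group:reports-team@example.com"]},
]}

# Constructed policy: public read plus an over-broad role for the VM.
BAD_POLICY = {"version": 1, "bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["serviceAccount:" + VM_SA]},
]}

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, audit_bucket_policy(policy, VM_SA) or "OK")
```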