Topic 1 Question 284

Associate Cloud Engineer

Topic 1 Question 284
You are developing an application that will be deployed on Google Cloud. The application will use a service account to retrieve data from BigQuery. Before you deploy your application, you want to test the permissions of this service account from your local machine to ensure there will be no authentication issues. You want to ensure that you use the most secure method while following Google-recommended practices. What should you do?
- Generate a service account key, and configure the gcloud CLI to use this key. Issue a relevant BigQuery request through the gdoud CLI to test the access.
- Grant the service account the BigQuery Administrator IAM role to ensure the service account has all required access.
- Configure the gcloud CLI to use service account impersonation. Issue a relevant BigQuery request through the gcloud CLI to test the access.
- Configure the gcloud CLI with Application Default Credentials using your user account. Issue a relevant BigQuery request through the gcloud CLI to test the access.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: C
  Google-recommended practices advise against distributing or storing long-lived service account keys because they can be a security risk. Instead, service account impersonation allows you to use your own credentials to "borrow" the identity of the service account without needing to download a key file. This method is more secure.
  
  👍 1
  Esteban082025/02/28
- 正解だと思う選択肢: C
  C is the best way to securely test the permissions of the service account from your local machine
  
  👍 1
  Mika_Ro2025/03/03
シャッフルモード

ユーザの投票

コメント(2)