Topic 1 Question 126

Professional Cloud Developer

Topic 1 Question 126
Your team develops services that run on Google Cloud. You need to build a data processing service and will use Cloud Functions. The data to be processed by the function is sensitive. You need to ensure that invocations can only happen from authorized services and follow Google-recommended best practices for securing functions. What should you do?
- Enable Identity-Aware Proxy in your project. Secure function access using its permissions.
- Create a service account with the Cloud Functions Viewer role. Use that service account to invoke the function.
- Create a service account with the Cloud Functions Invoker role. Use that service account to invoke the function.
- Create an OAuth 2.0 client ID for your calling service in the same project as the function you want to secure. Use those credentials to invoke the function.
解説
Reference: https://medium.com/google-cloud/how-to-securely-invoke-a-cloud-function-from-google-kubernetes-engine-running-on-another-gcp-79797ec2b2c6

ユーザの投票
コメント(14)
- 正解だと思う選択肢: C
  For me C. In link1 we can see how google suggests to use service accounts and in link2 we can see that the invoker role exists. Link1: https://cloud.google.com/functions/docs/securing#authentication Link2: https://cloud.google.com/functions/docs/reference/iam/roles#cloud-functions-roles
  
  👍 5
  fabiam932022/03/03
- Probably Option D is better than C?
  
  👍 3
  Blueocean2022/01/16
- ANSWER C https://medium.com/google-cloud/how-to-securely-invoke-a-cloud-function-from-google-kubernetes-engine-running-on-another-gcp-79797ec2b2c6
  
  👍 3
  TNT872022/11/10
シャッフルモード

解説

ユーザの投票

コメント(14)