Topic 1 Question 159
You have an on-premises application that authenticates to the Cloud Storage API using a user-managed service account with a user-managed key. The application connects to Cloud Storage using Private Google Access over a Dedicated Interconnect link. You discover that requests from the application to access objects in the Cloud Storage bucket are failing with a 403 Permission Denied error code. What is the likely cause of this issue?
The folder structure inside the bucket and object paths have changed.
The permissions of the service account’s predefined role have changed.
The service account key has been rotated but not updated on the application server.
The Interconnect link from the on-premises data center to Google Cloud is experiencing a temporary outage.
ユーザの投票
コメント(8)
- 正解だと思う選択肢: B
The correct option is B. The 403 Permission Denied error code indicates that the service account is authenticated, but it doesn't have sufficient permissions to access the Cloud Storage bucket. If the error code were 401 Unauthorized, it would suggest that the authentication failed, which could be caused by a rotated key, as in option C. However, in this case, the error code is 403, which indicates a problem with the permissions of the service account, making option B the most likely cause.
👍 5mrvergara2023/02/08 - 👍 2TNT872022/12/25
- 正解だと思う選択肢: C
A user-managed service account authenticates to the Cloud Storage API using a key, which is a unique identifier that proves the identity of the service account. If the key is rotated, meaning it is replaced with a new one, the application will no longer be able to authenticate using the old key, resulting in a 403 Permission Denied error. To resolve this issue, the application server must be updated with the new key.
👍 2omermahgoub2023/01/28
シャッフルモード