Topic 1 Question 243
You have two Google Cloud projects, named Project A and Project B. You need to create a Cloud Function in Project A that saves the output in a Cloud Storage bucket in Project B. You want to follow the principle of least privilege. What should you do?
A.
- Create a Google service account in Project B.
- Deploy the Cloud Function with the service account in Project A.
- Assign this service account the roles/storage.objectCreator role on the storage bucket residing in Project B.

B.
- Create a Google service account in Project A.
- Deploy the Cloud Function with the service account in Project A.
- Assign this service account the roles/storage.objectCreator role on the storage bucket residing in Project B.

C.
- Determine the default App Engine service account ([email protected]) in Project A.
- Deploy the Cloud Function with the default App Engine service account in Project A.
- Assign the default App Engine service account the roles/storage.objectCreator role on the storage bucket residing in Project B.

D.
- Determine the default App Engine service account ([email protected]) in Project B.
- Deploy the Cloud Function with the default App Engine service account in Project A.
- Assign the default App Engine service account the roles/storage.objectCreator role on the storage bucket residing in Project B.
Comments (6)
- Selected answer: B
A is not correct because you cannot run a Cloud Function with a service account that is not in the same Google Cloud project. B is correct because it follows the least privilege principle and for a Cloud Function, the service account must be created in the same project where the function is getting executed.
👍 3 mrvergara 2023/02/11
Took my exam yesterday (01-03-2023) and this question was there
👍 3 Pime13 2023/03/02
- Selected answer: A
In option B, a service account is created in Project A, but this service account would have access to all the resources within Project A, which is more than is necessary for the task of saving output to a storage bucket in Project B.
Options C and D use the default App Engine service account, which would have more permissions than necessary, as it would have access to all App Engine resources within Project A or B, rather than just the permissions needed for the task of saving output to a storage bucket in Project B.
👍 2 mrvergara 2023/02/04
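An added example, not part of the original page or its comments: a check over the Project B bucket's IAM policy for the layout in option B, where a dedicated service account from the function's project holds only roles/storage.objectCreator on the bucket. The project IDs, account names and the sample policy are constructed; the policy uses the bindings shape printed by `gcloud storage buckets get-iam-policy --format=json`.

```python
import json

# Constructed sample: IAM policy of the bucket in Project B.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectCreator",
   "members": ["serviceAccount:fn-writer@project-a.iam.gserviceaccount.com"]},
  {"role": "roles/storage.admin",
   "members": ["serviceAccount:project-a@appspot.gserviceaccount.com"]}
]}
""")

EXPECTED_ROLE = "roles/storage.objectCreator"
# Email suffixes of Google-created default service accounts
# (App Engine default and Compute Engine default).
DEFAULT_SA_SUFFIXES = ("@appspot.gserviceaccount.com",
                       "-compute@developer.gserviceaccount.com")


def roles_for(policy, email):
    """Return the bucket-level roles bound directly to this service account."""
    member = "serviceAccount:" + email
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))


def audit_writer(policy, email, function_project):
    """List deviations from the option B layout; an empty list means it matches."""
    findings = []
    if email.endswith(DEFAULT_SA_SUFFIXES):
        findings.append("default service account in use")
    elif not email.endswith("@%s.iam.gserviceaccount.com" % function_project):
        # User-managed accounts are named NAME@PROJECT_ID.iam.gserviceaccount.com.
        findings.append("service account is not from " + function_project)
    roles = roles_for(policy, email)
    if EXPECTED_ROLE not in roles:
        findings.append("missing " + EXPECTED_ROLE)
    for role in roles:
        if role != EXPECTED_ROLE:
            findings.append("extra bucket role " + role)
    return findings


if __name__ == "__main__":
    for sa in ("fn-writer@project-a.iam.gserviceaccount.com",
               "project-a@appspot.gserviceaccount.com"):
        print(sa, audit_writer(SAMPLE_POLICY, sa, "project-a"))
```

The check reads only the bucket's own policy; roles granted to the same account at the project level in Project B would need a separate look at that project's IAM policy.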