Topic 1 Question 15
An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege. Which option meets the requirement of your team?
A. Create a Cloud Storage ACL that allows read-only access from the Compute Engine instance's IP address and allows the application to read from the bucket without credentials.
B. Use a service account with read-only access to the Cloud Storage bucket, and store the credentials to the service account in the config of the application on the Compute Engine instance.
C. Use a service account with read-only access to the Cloud Storage bucket to retrieve the credentials from the instance metadata.
D. Encrypt the data in the Cloud Storage bucket using Cloud KMS, and allow the application to decrypt the data with the KMS key.
Comments (17)
Correct Answer is (B): If your application runs inside a Google Cloud environment that has a default service account, your application can retrieve the service account credentials to call Google Cloud APIs. Such environments include Compute Engine, Google Kubernetes Engine, App Engine, Cloud Run, and Cloud Functions. We recommend using this strategy because it is more convenient and secure than manually passing credentials.
Additionally, we recommend you use Google Cloud Client Libraries for your application. Google Cloud Client Libraries use a library called Application Default Credentials (ADC) to automatically find your service account credentials. ADC looks for service account credentials in the following order:
https://cloud.google.com/docs/authentication/production#automatically
👍 11 ESP_SAP 2020/11/24
Selected answer: C
Correct ans is C. The credentials are retrieved from the metadata server
👍 10 Medofree 2022/04/08
I'll go with B.
A - ACLs are not able to allow access based on IP
C - If you store the credentials in the metadata those will be publicly accessible by everyone with project access.
D - Too complex
👍 6 HectorLeon2099 2020/10/06
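Added example, not part of the original page or of any comment above: how an application on a Compute Engine instance gets a short-lived token for the attached service account from the metadata server and uses it for a Cloud Storage read, with no key file in the application config. The bucket name, object name, token value and the local stub server in `demo()` are constructed so the code runs offline.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import quote

# Compute Engine metadata endpoint for the attached service account's token.
METADATA_TOKEN_URL = ("http://metadata.google.internal/computeMetadata/v1/"
                      "instance/service-accounts/default/token")
# Metadata traffic must stay on the instance, so ignore any configured proxy.
_DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def fetch_access_token(url=METADATA_TOKEN_URL, timeout=2):
    """Return (access_token, expires_in); no key file is stored on disk."""
    # The metadata server rejects requests that lack this header.
    req = urllib.request.Request(url, headers={"Metadata-Flavor": "Google"})
    with _DIRECT.open(req, timeout=timeout) as resp:
        body = json.load(resp)
    if body.get("token_type") != "Bearer" or not body.get("access_token"):
        raise ValueError("unexpected token response")
    return body["access_token"], int(body["expires_in"])

def object_request(bucket, name, token):
    """Build a Cloud Storage JSON API download request using the token."""
    url = ("https://storage.googleapis.com/storage/v1/b/"
           f"{quote(bucket, safe='')}/o/{quote(name, safe='')}?alt=media")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})

class StubMetadata(BaseHTTPRequestHandler):
    """Constructed stand-in for the metadata server so the example runs offline."""
    def do_GET(self):
        if self.headers.get("Metadata-Flavor") != "Google":
            return self.send_error(403)
        data = json.dumps({"access_token": "constructed-token",
                           "expires_in": 3599, "token_type": "Bearer"}).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubMetadata)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        token, ttl = fetch_access_token(f"http://127.0.0.1:{server.server_port}/token")
        req = object_request("example-bucket", "reports/q1.csv", token)
        return ttl, req.full_url, req.get_header("Authorization")
    finally:
        server.shutdown()
        server.server_close()
```

On a real instance, call `fetch_access_token()` with no arguments; what the token can do is bounded by the IAM role granted to the service account on the bucket.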