Topic 1 Question 320
You are developing an application that runs on a Compute Engine VM. The application needs to access data stored in Cloud Storage buckets in other Google Cloud projects. The required access to the buckets is variable. You need to provide access to these resources while following Google- recommended practices. What should you do?
Limit the VMs access to the Cloud Storage buckets by setting the relevant access scope of the VM.
Create IAM bindings for the VM’s service account and the required buckets that allow appropriate access to the data stored in the buckets.
Grant the VM's service account access to the required buckets by using domain-wide delegation.
Create a group and assign IAM bindings to the group for each bucket that the application needs to access. Assign the VM's service account to the group.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: B
Directly assigning IAM bindings to the VM's service account for each Cloud Storage bucket provides the most secure and flexible way to manage access to your data. This approach adheres to the principle of least privilege and allows you to adapt to changing access requirements with ease. While groups can be useful for managing permissions for multiple VMs, it adds an extra layer of complexity when dealing with a single application on one VM.
👍 2vamgcp2024/11/25 - 正解だと思う選択肢: B
Answer B
👍 1abdelrahman892024/10/24 - 正解だと思う選択肢: B
well explained below
👍 1MoAk2024/11/27
シャッフルモード