Exam Associate Cloud Engineer topic 1 question 19 discussion

Actual exam question from Google's Associate Cloud Engineer
Question #: 19
Topic #: 1

You have a Linux VM that must connect to Cloud SQL. You created a service account with the appropriate access rights. You want to make sure that the VM uses this service account instead of the default Compute Engine service account. What should you do?

  • A. When creating the VM via the web console, specify the service account under the 'Identity and API Access' section.
  • B. Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account.
  • C. Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account.
  • D. Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json.
Suggested Answer: A

Comments

Agents89
Highly Voted 4 years, 6 months ago
A is correct
upvoted 58 times
ashrafh
3 years, 3 months ago
I vote A. https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances "Changing the service account and access scopes for an instance": If you want to run the VM as a different identity, or you determine that the instance needs a different set of scopes to call the required APIs, you can change the service account and the access scopes of an existing instance. For example, you can change access scopes to grant access to a new API, or change an instance so that it runs as a service account that you created, instead of the Compute Engine default service account. However, Google recommends that you use the fine-grained IAM policies instead of relying on access scopes to control resource access for the service account. To change an instance's service account and access scopes, the instance must be temporarily stopped. To stop your instance, read the documentation for Stopping an instance. After changing the service account or access scopes, remember to restart the instance. Use one of the following methods to change the service account or access scopes of the stopped instance. Hope this helps :)
upvoted 18 times
...
ready2rock
3 years, 5 months ago
How can this be? It says you HAVE a VM, meaning it's already created. A cannot be the solution.
upvoted 12 times
jiniguez
2 years, 11 months ago
As the comment says: "To change an instance's service account and access scopes, the instance must be temporarily stopped ... After changing the service account or access scopes, remember to restart the instance." So we can stop the instance, change the service account, then start it up again.
upvoted 3 times
...
...
boof
3 years, 2 months ago
A seems legit, the answer is worded poorly but is the most correct. --- https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#changeserviceaccountandscopes --- "To change an instance's service account and access scopes, the instance must be temporarily stopped ... After changing the service account or access scopes, remember to restart the instance." So we can stop the instance, change the service account, then start it up again.
upvoted 6 times
...
...
jabrrJ68w02ond1
Highly Voted 2 years, 11 months ago
Either the question or the answers are wrong. The question says that we HAVE a Linux VM, so we should strike all the answers that include "when creating the VM.." - on the other hand, adding JSON Tokens to VM metadata is terrible because it's readable in clear-text for everyone. So, what do we need to do here?
upvoted 12 times
...
errorfetch
Most Recent 2 months ago
Selected Answer: A
A is correct because the easiest solution is specifying the service account while creating the VM. If you don't specify, the default Compute Engine account is chosen.
upvoted 2 times
...
nubelukita45852
2 months, 1 week ago
Selected Answer: A
To make sure the virtual machine uses a specific service account instead of the Compute Engine default, you must specify the correct service account when creating the virtual machine. In the "Identity and API access" section, you can select the appropriate service account to ensure that requests and access to other services, such as Cloud SQL, are made using the permissions associated with that service account. B, C and D involve the use of JSON private keys, which is not a recommended practice because of the security risks associated with handling keys manually.
upvoted 1 times
...
Timfdklfajlksdjlakf
2 months, 4 weeks ago
Selected Answer: A
A is correct.
upvoted 1 times
...
hmd2910
5 months, 1 week ago
The question implies that a Linux VM already exists and needs to be configured to use a specific service account instead of the default Compute Engine service account. This is crucial because it eliminates option A, which focuses on setting the service account during VM creation. Why Option C is Correct: Custom Metadata: Custom metadata is designed for VM-specific configuration. It's the ideal place to store service account credentials. compute-engine-service-account: This is the specific metadata key used to tell the VM which service account to use. JSON Private Key: This is the standard format for storing service account credentials.
upvoted 2 times
...
ccpmad
6 months ago
Selected Answer: A
Select the service account directly in VM options, when creating or editing the VM. JSON private key? What are you talking about? You are all wrong.
upvoted 1 times
...
sinh
10 months, 2 weeks ago
What documentation do you have on B, C, and D?
upvoted 1 times
...
geekywitcher
11 months ago
Selected Answer: A
A is the recommended way. C is correct but A is the recommended approach.
upvoted 1 times
...
saylar478
1 year, 1 month ago
Selected Answer: A
A is correct
upvoted 1 times
...
ezzar
1 year, 1 month ago
The key is not directly provided to the VM (normally), only the service account to use: https://docs.bridgecrew.io/docs/bc_gcp_iam_2
upvoted 1 times
...
Evan7557
1 year, 1 month ago
A is the correct answer.
upvoted 1 times
...
YourCloudGuru
1 year, 2 months ago
Selected Answer: D
The correct answer is D. This is the recommended approach, because it allows you to specify the service account that you want to use without having to modify the VM's metadata. The other options are not as good: Option A is not as good, because it requires you to specify the service account when creating the VM. This can be inconvenient if you need to update the service account later. Option B is not as good, because it requires you to modify the VM's metadata. This can be complex and error-prone. Option C is not as good, because it requires you to modify the VM's custom metadata. This is not a recommended approach, because custom metadata is intended for use by custom applications.
upvoted 2 times
...
vinodthakur49
1 year, 3 months ago
Selected Answer: C
We have to use the newly created account rather than the VM default/attached SA.
upvoted 1 times
...
ExamsFR
1 year, 4 months ago
Selected Answer: A
A is correct
upvoted 3 times
...
rosh199
1 year, 4 months ago
A is correct
upvoted 2 times
...
geeroylenkins
1 year, 4 months ago
Selected Answer: A
A is correct. No idea why you'd add anything to metadata of an instance: https://cloud.google.com/compute/docs/metadata/overview. The SA can be specified in the web console during creation of the VM and also if the VM is stopped. This SA will then be used for everything that VM does. Therefore, A is correct.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted