Exam Associate Cloud Engineer topic 1 question 70 discussion

Correct answer should be (B): To use a service account outside of Google Cloud, such as on other platforms or on-premises, you must first establish the identity of the service account. Public/private key pairs provide a secure way of accomplishing this goal. https://cloud.google.com/iam/docs/creating-managing-service-account-keys

The recommended approach for enabling authentication from an on-premises environment to Google Cloud Platform (GCP) services like AutoML is to use a service account and generate a JSON key file for the service account. This key file can then be used to authenticate and authorize API calls from your on-premises environment to GCP. Therefore, the correct answer is B. Use gcloud to create a key file for the service account that has appropriate permissions.

Correct answer should be A. "Use service account credentials", so here "credentials" indicate that we will use JSON key file in our on-premises application, and it is a correct way to authenticate from on-premises to APIs. The B option just says how to create this file, and it misses the next step for what to do next to achieve an authentication. In option A and B we will have the same JSON key file, but only option A contains full way to accomplish the task.

B As per the documentation: https://cloud.google.com/iam/docs/keys-create-delete#creating

The correct answer is B

A. Use service account credentials in your on-premises application. Explanation: Service accounts are the recommended way to authenticate your application and authorize it to access GCP services. You can create and use service account credentials to authenticate your application running in your on-premises environment and access GCP services like AutoML. Option B (using gcloud to create a key file for the service account) is a valid approach to generate credentials for a service account, but using those credentials in your application is essential, which aligns with option A. Options C and D are not directly related to enabling authentication for on-premises applications using service account credentials. Setting up direct interconnect (option C) is about networking, and granting permissions to a user account (option D) is not the standard approach for authenticating an application running on-premises to GCP services

B is the correct answer, as to access the out side the google cloud , you need the key

A. Use service account credentials in your on-premises application. To enable authentication to GCP services from your on-premises environment, you can use service account credentials in your on-premises application. This involves creating a service account that has appropriate access to the required GCP services, downloading the service account key file, and using the key file to authenticate the API requests in your on-premises application. This is a secure way to authenticate to GCP services as it does not require direct access to your GCP project or credentials from your on-premises environment.

B it is.

B it is.

Correct answer should be (B):

B is right To use a service account from outside of Google Cloud, such as on other platforms or on-premises, you must first establish the identity of the service account. Public/private key pairs provide a secure way of accomplishing this goal. When you create a service account key, the public portion is stored on Google Cloud, while the private portion is available only to you. For more information about public/private key pairs, see Service account keys.

Go for B

Even thought A and B seem to be doing the same thing the best practice is to create a key so B is the right answer !

B. Use gcloud to create a key file for the service account that has appropriate permissions.

B. Use gcloud to create a key file for the service account that has appropriate permissions.

Why not A? Aren't A and B getting the same key file?