exam questions

Exam Associate Cloud Engineer All Questions

View all questions & answers for the Associate Cloud Engineer exam

Exam Associate Cloud Engineer topic 1 question 183 discussion

Actual exam question from Google's Associate Cloud Engineer
Question #: 183
Topic #: 1
[All Associate Cloud Engineer Questions]

You need to manage a third-party application that will run on a Compute Engine instance. Other Compute Engine instances are already running with default configuration. Application installation files are hosted on Cloud Storage. You need to access these files from the new instance without allowing other virtual machines (VMs) to access these files. What should you do?

  • A. Create the instance with the default Compute Engine service account. Grant the service account permissions on Cloud Storage.
  • B. Create the instance with the default Compute Engine service account. Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.
  • C. Create a new service account and assign this service account to the new instance. Grant the service account permissions on Cloud Storage.
  • D. Create a new service account and assign this service account to the new instance. Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
VietmanOfficiel
Highly Voted 2 years, 3 months ago
Selected Answer: C
"without allowing other instances" , the other instances are created with default compute engine service account. So you must create a new independant service account
upvoted 9 times
...
scanner2
Most Recent 1 year, 2 months ago
Selected Answer: C
C is correct.
upvoted 3 times
...
gcpreviewer
2 years, 2 months ago
Selected Answer: C
C is the clear choice. Want to create a new service account instead of using the default and grant it permissions in cloud storage. Straightforward C.
upvoted 3 times
...
manjtrade2
2 years, 2 months ago
Selected Answer: C
C is right
upvoted 1 times
...
snkhatri
2 years, 3 months ago
Selected Answer: C
C seems right to me
upvoted 1 times
...
AzureDP900
2 years, 5 months ago
C https://cloud.google.com/iam/docs/best-practices-for-using-and-managing-service-accounts If an application uses third-party or custom identities and needs to access a resource, such as a BigQuery dataset or a Cloud Storage bucket, it must perform a transition between principals. Because Google Cloud APIs don't recognize third-party or custom identities, the application can't propagate the end-user's identity to BigQuery or Cloud Storage. Instead, the application has to perform the access by using a different Google identity.
upvoted 2 times
...
KRIV_1
2 years, 6 months ago
Although C is the correct answer notice that, as Google recommend, you first need to grant the service account the required permission before attach it to a resource.
upvoted 1 times
...
JelloMan
2 years, 7 months ago
Selected Answer: C
C all the way. Restricts access to other VMs since they won’t have the new service account you have associated with your new VM
upvoted 4 times
...
amindbesideitself
2 years, 7 months ago
Selected Answer: C
C, other VMs will run as default service account.
upvoted 2 times
...
Akash7
2 years, 7 months ago
C is correct as the other vms have default service accounts.
upvoted 2 times
...
PAUGURU
2 years, 7 months ago
Selected Answer: C
C, using Default account makes the storage visible to other machines
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...