Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Exam Associate Cloud Engineer Topic 1 Question 107 Discussion

Actual exam question for Google's Associate Cloud Engineer exam
Question #: 107
Topic #: 1
[All Associate Cloud Engineer Questions]

You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: B

In general, Google recommends that each instance that needs to call a Google API should run as a service account with the minimum permissions necessary for that instance to do its job. In practice, this means you should configure service accounts for your instances with the following process: Create a new service account rather than using the Compute Engine default service account. Grant IAM roles to that service account for only the resources that it needs. Configure the instance to run as that service account. Grant the instance the https://www.googleapis.com/auth/cloud-platform scope to allow full access to all Google Cloud APIs, so that the IAM permissions of the instance are completely determined by the IAM roles of the service account. Avoid granting more access than necessary and regularly check your service account permissions to make sure they are up-to-date. https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#best_practices


by Franchesca at Jun 12, 2025, 11:18 AM

Limited Time Offer

25%

Off

Get Premium Associate Cloud Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Yolando
14 days ago
For a production environment, you definitely don't want to be using Application Default Credentials. That's just asking for trouble.
upvoted 0 times
...
Vincenza
17 days ago
I'm not sure, but I think A could also be a valid option.
upvoted 0 times
...
Elin
18 days ago
I agree with Tyra, B sounds like the right choice.
upvoted 0 times
...
Leonida
19 days ago
Haha, storing user credentials in a config file? That's a disaster waiting to happen! Option D is definitely not the way to go.
upvoted 0 times
Eulah
1 days ago
A) Assign appropriate access for Google services to the service account used by the Compute Engine VM.
upvoted 0 times
...
...
Lauran
1 months ago
I agree, B is the correct answer. Assigning appropriate access to a service account is the Google-recommended practice.
upvoted 0 times
Casey
5 days ago
Make sure to configure the application to use the new service account for seamless migration.
upvoted 0 times
...
Tracey
6 days ago
Agreed, that's the recommended practice by Google for authentication.
upvoted 0 times
...
Ronny
10 days ago
I think B is the best option. Creating a service account with the right access is key.
upvoted 0 times
...
...
Tyra
1 months ago
I think the answer is B.
upvoted 0 times
...
Elliot
2 months ago
Option B seems like the way to go. Using a service account is more secure than storing user credentials.
upvoted 0 times
Virgina
11 days ago
Assigning appropriate access for Google services to the service account used by the Compute Engine VM is the way to go.
upvoted 0 times
...
Gracia
24 days ago
I think we should create a service account with appropriate access for Google services.
upvoted 0 times
...
Mireya
1 months ago
I agree, using a service account is definitely more secure.
upvoted 0 times
...
...

Save Cancel