New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Associate Cloud Engineer Exam - Topic 1 Question 107 Discussion

Actual exam question for Google's Associate Cloud Engineer exam
Question #: 107
Topic #: 1
[All Associate Cloud Engineer Questions]

You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: B

In general, Google recommends that each instance that needs to call a Google API should run as a service account with the minimum permissions necessary for that instance to do its job. In practice, this means you should configure service accounts for your instances with the following process: Create a new service account rather than using the Compute Engine default service account. Grant IAM roles to that service account for only the resources that it needs. Configure the instance to run as that service account. Grant the instance the https://www.googleapis.com/auth/cloud-platform scope to allow full access to all Google Cloud APIs, so that the IAM permissions of the instance are completely determined by the IAM roles of the service account. Avoid granting more access than necessary and regularly check your service account permissions to make sure they are up-to-date. https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#best_practices


by Franchesca at Jun 12, 2025, 11:18 AM

Limited Time Offer

25%

Off

Get Premium Associate Cloud Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Cristen
2 months ago
Wait, people actually use user account credentials in config files? Really?
upvoted 0 times
...
Novella
2 months ago
I think A is better for simplicity.
upvoted 0 times
...
Jill
3 months ago
Definitely not D, that's a security nightmare.
upvoted 0 times
...
Donette
3 months ago
Storing credentials in a config file? That sounds risky!
upvoted 0 times
...
Coral
3 months ago
Option B is the way to go!
upvoted 0 times
...
Hoa
3 months ago
I definitely remember that storing credentials in a config file is not recommended, so options C and D seem wrong to me.
upvoted 0 times
...
Salina
4 months ago
I feel like option B could be a good choice too, but I can't recall if we covered the specifics of configuring the application to use a new service account.
upvoted 0 times
...
Haydee
4 months ago
I think option A makes sense since it mentions assigning access to the service account, which is what we practiced in the lab.
upvoted 0 times
...
Glenn
4 months ago
I remember we discussed the importance of using service accounts for VM authentication, but I'm not sure if I should create a new one or just use the existing one.
upvoted 0 times
...
Junita
4 months ago
I'm a bit confused by the wording here. Does "minimal changes" mean I shouldn't have to modify my application code much? If that's the case, I think option A might be the way to go, since it sounds like I can just assign the right permissions to the existing service account.
upvoted 0 times
...
Stefanie
4 months ago
Okay, I've got this. The question is asking about best practices, so I'm going to go with option B and create a service account. That way, I can keep my personal credentials secure and still access the Google Cloud services I need.
upvoted 0 times
...
Cecilia
5 months ago
Hmm, I'm a little unsure about this one. I know I need to set up authentication, but I'm not sure if I should use a service account or just store my own credentials. I'll have to think this through carefully.
upvoted 0 times
...
Hyun
5 months ago
This seems pretty straightforward. I think the key is to use a service account instead of my personal credentials, so I'll go with option B.
upvoted 0 times
...
Yolando
7 months ago
For a production environment, you definitely don't want to be using Application Default Credentials. That's just asking for trouble.
upvoted 0 times
Vivan
7 months ago
B) Create a service account with appropriate access for Google services, and configure the application to use this account.
upvoted 0 times
...
Virgie
7 months ago
A) Assign appropriate access for Google services to the service account used by the Compute Engine VM.
upvoted 0 times
...
...
Vincenza
8 months ago
I'm not sure, but I think A could also be a valid option.
upvoted 0 times
...
Elin
8 months ago
I agree with Tyra, B sounds like the right choice.
upvoted 0 times
...
Leonida
8 months ago
Haha, storing user credentials in a config file? That's a disaster waiting to happen! Option D is definitely not the way to go.
upvoted 0 times
Sherron
7 months ago
C) Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.
upvoted 0 times
...
Shayne
7 months ago
B) Create a service account with appropriate access for Google services, and configure the application to use this account.
upvoted 0 times
...
Eulah
7 months ago
A) Assign appropriate access for Google services to the service account used by the Compute Engine VM.
upvoted 0 times
...
...
Lauran
8 months ago
I agree, B is the correct answer. Assigning appropriate access to a service account is the Google-recommended practice.
upvoted 0 times
Marjory
7 months ago
Definitely, it's important to follow best practices when setting up authentication on a Compute Engine VM.
upvoted 0 times
...
Casey
7 months ago
Make sure to configure the application to use the new service account for seamless migration.
upvoted 0 times
...
Tracey
7 months ago
Agreed, that's the recommended practice by Google for authentication.
upvoted 0 times
...
Ronny
7 months ago
I think B is the best option. Creating a service account with the right access is key.
upvoted 0 times
...
...
Tyra
8 months ago
I think the answer is B.
upvoted 0 times
...
Elliot
9 months ago
Option B seems like the way to go. Using a service account is more secure than storing user credentials.
upvoted 0 times
Virgina
7 months ago
Assigning appropriate access for Google services to the service account used by the Compute Engine VM is the way to go.
upvoted 0 times
...
Gracia
8 months ago
I think we should create a service account with appropriate access for Google services.
upvoted 0 times
...
Mireya
8 months ago
I agree, using a service account is definitely more secure.
upvoted 0 times
...
...

Save Cancel