Google Exam Associate Cloud Engineer Topic 1 Question 107 Discussion

Actual exam question for Google's Associate Cloud Engineer exam

Question #: 107
Topic #: 1

[All Associate Cloud Engineer Questions]

You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?

AAssign appropriate access for Google services to the service account used by the Compute Engine VM.

BCreate a service account with appropriate access for Google services, and configure the application to use this account.

CStore credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.

DStore credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

Show Suggested Answer

Suggested Answer: B

In general, Google recommends that each instance that needs to call a Google API should run as a service account with the minimum permissions necessary for that instance to do its job. In practice, this means you should configure service accounts for your instances with the following process: Create a new service account rather than using the Compute Engine default service account. Grant IAM roles to that service account for only the resources that it needs. Configure the instance to run as that service account. Grant the instance the https://www.googleapis.com/auth/cloud-platform scope to allow full access to all Google Cloud APIs, so that the IAM permissions of the instance are completely determined by the IAM roles of the service account. Avoid granting more access than necessary and regularly check your service account permissions to make sure they are up-to-date. https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#best_practices

by Franchesca at Jun 12, 2025, 11:18 AM

Limited Time Offer

25%

Off

Get Premium Associate Cloud Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!