Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Architect (PR000213) Exam - Topic 8 Question 72 Discussion

Your company pushes batches of sensitive transaction data from its application server VMs to Cloud Pub/Sub for processing and storage. What is the Google-recommended way for your application to authenticate to the required Google Cloud services?
B) Ensure that VM service accounts do not have access to Cloud Pub/Sub, and use VM access scopes to grant the appropriate Cloud Pub/Sub IAM roles.
A) Ensure that VM service accounts are granted the appropriate Cloud Pub/Sub IAM roles.
C) Generate an OAuth2 access token for accessing Cloud Pub/Sub, encrypt it, and store it in Cloud Storage for access from each VM.
D) Create a gateway to Cloud Pub/Sub using a Cloud Function, and grant the Cloud Function service account the appropriate Cloud Pub/Sub IAM roles.

Google Professional Cloud Architect (PR000213) Exam - Topic 8 Question 72 Discussion

Actual exam question for Google's Professional Cloud Architect (PR000213) exam
Question #: 72
Topic #: 8
[All Professional Cloud Architect (PR000213) Questions]

Your company pushes batches of sensitive transaction data from its application server VMs to Cloud Pub/Sub for processing and storage. What is the Google-recommended way for your application to authenticate to the required Google Cloud services?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Paris at Nov 23, 2023, 04:12 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Architect (PR000213) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Cathern
6 months ago
I’m surprised there’s even an option to use OAuth tokens for this!
upvoted 0 times
...
Leota
7 months ago
C sounds overly complicated for just accessing Pub/Sub.
upvoted 0 times
...
Vi
7 months ago
Wait, why would you not give the VM access in B? That sounds risky.
upvoted 0 times
...
Ernest
7 months ago
I think D could work too, but A seems simpler.
upvoted 0 times
...
Adaline
7 months ago
A is definitely the way to go!
upvoted 0 times
...
Lino
7 months ago
I vaguely recall something about using Cloud Functions as a gateway, but I’m not certain if that’s the best approach for this scenario.
upvoted 0 times
...
Luisa
8 months ago
I’m a bit confused about option C; I thought generating an OAuth2 token was more complex than just using service accounts directly.
upvoted 0 times
...
Simona
8 months ago
I think option A sounds familiar because we practiced a similar question about IAM roles and service accounts in our last session.
upvoted 0 times
...
Lavonda
8 months ago
I remember we discussed the importance of using service accounts for authentication, but I'm not sure if they should have direct access to Cloud Pub/Sub or not.
upvoted 0 times
...
Bette
8 months ago
I'm pretty confident that option A is the correct answer. Granting the appropriate IAM roles to the VM service accounts is the recommended way to authenticate to Cloud Pub/Sub, as it avoids the need for additional complexity like a gateway or storing encrypted tokens.
upvoted 0 times
...
Britt
8 months ago
Hmm, I'm a bit confused on the difference between using the VM service account directly versus creating a gateway with a Cloud Function. I'll need to review the documentation on the recommended practices for this scenario.
upvoted 0 times
...
Micheline
8 months ago
This looks like a straightforward question about authentication best practices for Google Cloud services. I think the key is to understand the recommended approach for granting the appropriate IAM roles to the VM service accounts.
upvoted 0 times
...
Cheryl
8 months ago
Ah, I see. The question is asking about the Google-recommended way, so I should focus on that rather than trying to come up with my own solution. I think option A is the right approach, but I'll double-check the details to make sure.
upvoted 0 times
...
Vanna
8 months ago
I'm a bit confused on how exactly the control limits and process capability are connected. I'll have to carefully consider the wording of the statement to decide if it's true or false.
upvoted 0 times
...
Blair
8 months ago
Hmm, I'm a bit unsure about this one. The options seem to cover a range of different functionalities, so I'll have to think it through carefully.
upvoted 0 times
...
Maddie
1 year ago
Encrypt an OAuth token and store it in Cloud Storage? That's a recipe for disaster. Option A is the clear winner here.
upvoted 0 times
Sabra
1 year ago
C) Ensure that VM service accounts are granted the appropriate Cloud Pub/Sub IAM roles.
upvoted 0 times
...
Ngoc
1 year ago
B) Encrypt an OAuth token and store it in Cloud Storage? That's a recipe for disaster. Option A is the clear winner here.
upvoted 0 times
...
Yuriko
1 year ago
A) Ensure that VM service accounts are granted the appropriate Cloud Pub/Sub IAM roles.
upvoted 0 times
...
...
Patti
1 year ago
A gateway using a Cloud Function? That's like using a sledgehammer to crack a nut. Option A all the way!
upvoted 0 times
...
Stephane
1 year ago
I was a bit confused by the options, but after reading them carefully, I agree that Option A is the correct answer. Seems like the most secure and efficient approach.
upvoted 0 times
Stanford
1 year ago
Definitely, security is key when dealing with sensitive data.
upvoted 0 times
...
Glenna
1 year ago
It's important to ensure that only the necessary permissions are granted.
upvoted 0 times
...
Herminia
1 year ago
I agree, granting the appropriate IAM roles to VM service accounts is the way to go.
upvoted 0 times
...
Brittani
1 year ago
I think Option A is the best choice.
upvoted 0 times
...
...
Aleshia
1 year ago
I was thinking the same thing as Georgeanna. Option A is the way to go. Much simpler than trying to manage OAuth tokens or creating a gateway.
upvoted 0 times
...
Georgeanna
1 year ago
Option A seems like the straightforward choice here. Granting the appropriate IAM roles to the VM service accounts is the Google-recommended way to authenticate to the required services.
upvoted 0 times
Phung
1 year ago
D) Creating a gateway using a Cloud Function and granting the Cloud Function service account the IAM roles could also work.
upvoted 0 times
...
Vallie
1 year ago
A) But the Google-recommended way is to grant the IAM roles directly to the VM service accounts.
upvoted 0 times
...
Breana
1 year ago
B) I think using VM access scopes to grant the appropriate Cloud Pub/Sub IAM roles is a better option.
upvoted 0 times
...
Demetra
1 year ago
A) Ensure that VM service accounts are granted the appropriate Cloud Pub/Sub IAM roles.
upvoted 0 times
...
...
Lindsey
1 year ago
I'm not sure, but I think option C) Generate an OAuth2 access token and store it in Cloud Storage could also be a valid approach.
upvoted 0 times
...
Percy
1 year ago
I agree with Alica. It makes sense to grant the necessary IAM roles to the VM service accounts for authentication.
upvoted 0 times
...
Alica
1 year ago
I think the answer is A) Ensure that VM service accounts are granted the appropriate Cloud Pub/Sub IAM roles.
upvoted 0 times
...

Save Cancel