Google Professional Cloud Developer Exam - Topic 14 Question 57 Discussion

Actual exam question for Google's Professional Cloud Developer exam

Question #: 57
Topic #: 14

[All Professional Cloud Developer Questions]

Your team develops services that run on Google Cloud. You need to build a data processing service and will use Cloud Functions. The data to be processed by the function is sensitive. You need to ensure that invocations can only happen from authorized services and follow Google-recommended best practices for securing functions. What should you do?

AEnable Identity-Aware Proxy in your project. Secure function access using its permissions.

BCreate a service account with the Cloud Functions Viewer role. Use that service account to invoke the function.

CCreate a service account with the Cloud Functions Invoker role. Use that service account to invoke the function.

DCreate an OAuth 2.0 client ID for your calling service in the same project as the function you want to secure. Use those credentials to invoke the function.

Show Suggested Answer

Suggested Answer: C

by Cyril at Sep 19, 2022, 04:09 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Developer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Vivan

4 months ago

B seems too limited, we need more than just Viewer role for sensitive data.

upvoted 0 times

...

Aide

4 months ago

Not sure about D, seems a bit complicated for just invoking a function.

upvoted 0 times

...

Dyan

4 months ago

Wait, isn't A a better option? IAP sounds more secure.

upvoted 0 times

...

Malcolm

4 months ago

Definitely agree with C! Invoker role is key here.

upvoted 0 times

...

Darci

4 months ago

I think option C is the best choice for securing function access.

upvoted 0 times

...

Huey

5 months ago

I’m a bit confused about the OAuth 2.0 client ID option. I don't recall using that in our practice sessions for securing Cloud Functions.

upvoted 0 times

...

Kaitlyn

5 months ago

I feel like option C sounds right because it specifically mentions the Invoker role, which seems crucial for allowing access.

upvoted 0 times

...

Ronny

5 months ago

I think enabling Identity-Aware Proxy might be overkill for this scenario. We practiced a similar question where service accounts were the focus.

upvoted 0 times

...

Cassi

5 months ago

I remember we discussed the importance of using service accounts for secure access, but I'm not sure if it's the Invoker role or something else.

upvoted 0 times

...

Sharee

5 months ago

I'm feeling pretty confident about this one. The JSON structure is clear, and Option D seems to be the correct way to get the list of interfaces.

upvoted 0 times

...

Xochitl

5 months ago

I'm pretty confident about this one. I think the answer is D - WSDL may be defined by a combination of style='rpc' and use='literal'.

upvoted 0 times

...

Teresita

5 months ago

Ah, I think I've got this one. The property name suggests it's related to the maximum file size limit in the system. And based on the options, it seems like this property controls that limit, but the tricky part is figuring out the exact scope. I'll need to think carefully about where content is created in ACS and match that to the options provided.

upvoted 0 times

...

Frederica

5 months ago

Self-service access management could be a good option, but I'll need to consider the specific requirements of the company. Roles and administrators might also be relevant.

upvoted 0 times

...

Cecil

5 months ago

This question seems straightforward, I think I can handle it.

upvoted 0 times

...