Google Professional Cloud Developer Exam - Topic 4 Question 119 Discussion

Actual exam question for Google's Professional Cloud Developer exam

Question #: 119
Topic #: 4

[All Professional Cloud Developer Questions]

You have an application written in Python running in production on Cloud Run. Your application needs to read/write data stored in a Cloud Storage bucket in the same project. You want to grant access to your application following the principle of least privilege. What should you do?

ACreate a user-managed service account with a custom Identity and Access Management (IAM) role.

BCreate a user-managed service account with the Storage Admin Identity and Access Management (IAM) role.

CCreate a user-managed service account with the Project Editor Identity and Access Management (IAM) role.

DUse the default service account linked to the Cloud Run revision in production.

Show Suggested Answer

Suggested Answer: A

https://cloud.google.com/iam/docs/understanding-roles#storage.admin

by Dong at Apr 06, 2026, 10:28 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Developer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Nu

4 days ago

I remember we talked about the principle of least privilege, but I'm not sure which IAM role would be the best fit for just reading and writing to Cloud Storage.

upvoted 0 times

...