Google Professional Cloud Developer Exam - Topic 7 Question 60 Discussion

Actual exam question for Google's Professional Cloud Developer exam

Question #: 60
Topic #: 7

[All Professional Cloud Developer Questions]

Your team is developing an application in Google Cloud that executes with user identities maintained by Cloud Identity. Each of your application's users will have an associated Pub/Sub topic to which messages are published, and a Pub/Sub subscription where the same user will retrieve published messages. You need to ensure that only authorized users can publish and subscribe to their own specific Pub/Sub topic and subscription. What should you do?

ABind the user identity to the pubsub.publisher and pubsub.subscriber roles at the resource level.

BGrant the user identity the pubsub.publisher and pubsub.subscriber roles at the project level.

CGrant the user identity a custom role that contains the pubsub.topics.create and pubsub.subscriptions.create permissions.

DConfigure the application to run as a service account that has the pubsub.publisher and pubsub.subscriber roles.

Show Suggested Answer

Suggested Answer: C

by Gail at Nov 20, 2022, 06:47 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Developer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Ettie

5 months ago

Wait, can we really bind roles at the resource level? That's new to me!

upvoted 0 times

...

Chandra

5 months ago

D sounds like a workaround, but is it secure enough?

upvoted 0 times

...

Stevie

6 months ago

C is interesting, but does it really limit access as needed?

upvoted 0 times

...

Ty

6 months ago

I disagree, B would give too much access at the project level.

upvoted 0 times

...

Chaya

6 months ago

A seems like the right choice for user-specific access.

upvoted 0 times

...

Robt

6 months ago

Running the application as a service account sounds familiar, but I wonder if that would limit user-specific access to their own topics.

upvoted 0 times

...

Leatha

6 months ago

I practiced a similar question where we had to assign permissions, and I feel like a custom role could work, but I can't recall the exact permissions needed.

upvoted 0 times

...

Claudio

6 months ago

I think granting roles at the project level might be too broad. We need to restrict access to specific topics and subscriptions, right?

upvoted 0 times

...

Tashia

6 months ago

I remember something about binding roles at the resource level, but I'm not entirely sure if that's the best approach for individual user access.

upvoted 0 times

...

Kati

6 months ago

Hmm, I'm a bit confused by all the hashing and encryption steps. Let me re-read this a few times to make sure I grasp what's happening.

upvoted 0 times

...

Malinda

6 months ago

I'm pretty confident about this one. I know that service tasks can be configured to invoke processes or services asynchronously, and that you can use a service task to invoke a BPEL process.

upvoted 0 times

...

Graham

6 months ago

Okay, I think I've got this. The key is understanding when you'd want separate Product Backlogs versus a single one. I'll focus on the details in each answer choice.

upvoted 0 times

...

Belen

6 months ago

Device Seizure sounds like the most likely option here. It's a tool specifically designed for forensic data collection and preservation, so that's my best guess.

upvoted 0 times

...