Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Network Engineer Exam - Topic 2 Question 41 Discussion

You are adding steps to a working automation that uses a service account to authenticate. You need to drive the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.What should you do?
C) Grant the read-only privilege to the service account for the Cloud Storage bucket.
A) Grant the compute.instanceAdmin to your user account.
B) Grant the iam.serviceAccountUser to your user account.
D) Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.

Google Professional Cloud Network Engineer Exam - Topic 2 Question 41 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam
Question #: 41
Topic #: 2
[All Professional Cloud Network Engineer Questions]

You are adding steps to a working automation that uses a service account to authenticate. You need to drive the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Leota at May 04, 2022, 07:28 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Network Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Valentine
7 months ago
Surprised no one mentioned the importance of IAM roles here!
upvoted 0 times
...
Beata
7 months ago
Totally agree with C, read-only is the way to go!
upvoted 0 times
...
Shoshana
8 months ago
Wait, why would you grant compute.instanceAdmin? That sounds excessive.
upvoted 0 times
...
Elenor
8 months ago
I disagree, D seems more appropriate for broader access.
upvoted 0 times
...
Daniel
8 months ago
C is the best choice for least privilege!
upvoted 0 times
...
Lenny
8 months ago
I think granting cloud-platform privilege is also too much. We should stick to specific permissions for the Cloud Storage bucket instead.
upvoted 0 times
...
Merlyn
8 months ago
I feel like we did a similar practice question where we had to limit permissions. Granting iam.serviceAccountUser doesn't seem like it would help with file access directly.
upvoted 0 times
...
Thora
8 months ago
I'm not entirely sure, but I think granting compute.instanceAdmin is too broad for just accessing files in a bucket.
upvoted 0 times
...
Shawna
8 months ago
I remember we talked about least privilege in class, so I think granting read-only access to the service account might be the right choice.
upvoted 0 times
...
Cordie
8 months ago
Option B looks like the easiest solution - just update the existing file system's storage and throughput settings. That way, I don't have to worry about backups or restoring anything. As long as I can do it during a maintenance window, that seems like the least administrative effort.
upvoted 0 times
...
Angella
8 months ago
This looks straightforward. I'll multiply the manual rate ($200) by 0.7, the experience claims by 0.3, add those together, then add the $3 retention charge.
upvoted 0 times
...
Roy
8 months ago
I've got a good handle on the overall scenario. I'll focus on evaluating each option individually to find the false statements.
upvoted 0 times
...
Kati
8 months ago
This question seems pretty straightforward. I think the key is to identify the evidence that the Contract Centralization pattern is not fully applied, based on the information provided in the scenario.
upvoted 0 times
...

Save Cancel