ASSOCIATE-CLOUD-ENGINEER · Question #387
ASSOCIATE-CLOUD-ENGINEER Question #387: Real Exam Question with Answer & Explanation
The correct answer is C: Configure the gcloud CLI to use service account impersonation. Issue a relevant BigQuery request. Configuring the gcloud CLI to use service account impersonation is the most secure method. It allows you to test the permissions of the service account without creating and managing a service account key. This approach follows Google-recommended best practices because it avoids t
Question
You are developing an application that will be deployed on Google Cloud. The application will use a service account to retrieve data from BigQuery. Before you deploy your application, you want to test the permissions of this service account from your local machine to ensure there will be no authentication issues. You want to ensure that you use the most secure method while following Google-recommended practices. What should you do?
Options
- AGenerate a service account key, and configure the gcloud CLI to use this key. Issue a relevant
- BGrant the service account the BigQuery Administrator IAM role to ensure the service account has
- CConfigure the gcloud CLI to use service account impersonation. Issue a relevant BigQuery request
- DConfigure the gcloud CLI with Application Default Credentials using your user account. Issue a
Explanation
Configuring the gcloud CLI to use service account impersonation is the most secure method. It allows you to test the permissions of the service account without creating and managing a service account key. This approach follows Google-recommended best practices because it avoids the security risks associated with long-lived keys and ensures that you’re verifying the exact permissions that the service account will have when the application is deployed.
Community Discussion
No community discussion yet for this question.