ASSOCIATE-CLOUD-ENGINEER · Question #406
ASSOCIATE-CLOUD-ENGINEER Question #406: Real Exam Question with Answer & Explanation
The correct answer is B: Enable service account impersonation, and use the gcloud config set command to use it by. Service account impersonation allows local testing without storing or exposing long-lived service account keys. It is the most secure recommended method because no private key files are downloaded, and gcloud can impersonate the service account directly.
Question
You are writing a shell script that includes a few gcloud CLI commands to access some Google Cloud resources. You want to test the script in your local development environment with a service account in the most secure way. What should you do?
Options
- AGenerate an ID token for the service account. Use the token with the gcloud CLI commands.
- BEnable service account impersonation, and use the gcloud config set command to use it by
- CDownload the service account key file and save it in a secure location. Set the
- DDownload the service account key file, and use it to generate an access token. Use the token with
Explanation
Service account impersonation allows local testing without storing or exposing long-lived service account keys. It is the most secure recommended method because no private key files are downloaded, and gcloud can impersonate the service account directly.
Community Discussion
No community discussion yet for this question.