nerdexam
ExamsPROFESSIONAL-CLOUD-DEVELOPERQuestions#113
GoogleGoogle

PROFESSIONAL-CLOUD-DEVELOPER · Question #113

PROFESSIONAL-CLOUD-DEVELOPER Question #113: Real Exam Question with Answer & Explanation

The correct answer is D: Create a new service account that has a custom IAM role to access the resources. The deployer. https://cloud.google.com/functions/docs/securing/function-identity#individual In order to deploy a function with a user-managed service account, the deployer must have the iam.serviceAccounts.actAs permission on the service account being deployed.

Implementing Security

Question

You have written a Cloud Function that accesses other Google Cloud resources. You want to secure the environment using the principle of least privilege. What should you do?

Options

  • ACreate a new service account that has Editor authority to access the resources. The deployer is
  • BCreate a new service account that has a custom IAM role to access the resources. The deployer
  • CCreate a new service account that has Editor authority to access the resources. The deployer is
  • DCreate a new service account that has a custom IAM role to access the resources. The deployer

Explanation

https://cloud.google.com/functions/docs/securing/function-identity#individual In order to deploy a function with a user-managed service account, the deployer must have the iam.serviceAccounts.actAs permission on the service account being deployed.

Topics

#Cloud Functions#IAM#Service Accounts#Least Privilege

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full PROFESSIONAL-CLOUD-DEVELOPER PracticeBrowse All PROFESSIONAL-CLOUD-DEVELOPER Questions