PROFESSIONAL-CLOUD-DEVELOPER · Question #25
You are writing a Compute Engine hosted application in project A that needs to securely authenticate to a Cloud Pub/Sub topic in project B. What should you do?
The correct answer is B. Configure the instances with a service account owned by project A. Add the service account as a. The correct pattern for cross-project access is to attach a service account owned by the source project (Project A) to the Compute Engine instances, then grant that service account the appropriate IAM role on the resource in the destination project (Project B). This follows the p
Question
You are writing a Compute Engine hosted application in project A that needs to securely authenticate to a Cloud Pub/Sub topic in project B. What should you do?
Options
- AConfigure the instances with a service account owned by project B. Add the service account as a
- BConfigure the instances with a service account owned by project A. Add the service account as a
- CConfigure Application Default Credentials to use the private key of a service account owned by
- DConfigure Application Default Credentials to use the private key of a service account owned by
How the community answered
(55 responses)- A15% (8)
- B71% (39)
- C5% (3)
- D9% (5)
Explanation
The correct pattern for cross-project access is to attach a service account owned by the source project (Project A) to the Compute Engine instances, then grant that service account the appropriate IAM role on the resource in the destination project (Project B). This follows the principle of least privilege and avoids managing private keys. Option A is incorrect because service accounts attached to Compute Engine instances must be in the same project as the instances. Options C and D require downloading and managing private key files, which introduces security risks and operational complexity compared to using service account metadata automatically available to instances via the metadata server.
Topics
Community Discussion
No community discussion yet for this question.