Exam Professional Cloud Security Engineer topic 1 question 320 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 320
Topic #: 1

You are developing an application that runs on a Compute Engine VM. The application needs to access data stored in Cloud Storage buckets in other Google Cloud projects. The required access to the buckets is variable. You need to provide access to these resources while following Google-recommended practices. What should you do?

  • A. Limit the VM's access to the Cloud Storage buckets by setting the relevant access scope of the VM.
  • B. Create IAM bindings for the VM’s service account and the required buckets that allow appropriate access to the data stored in the buckets.
  • C. Grant the VM's service account access to the required buckets by using domain-wide delegation.
  • D. Create a group and assign IAM bindings to the group for each bucket that the application needs to access. Assign the VM's service account to the group.
Suggested Answer: B

Comments

MoAk
5 months ago
Selected Answer: B
well explained below
upvoted 1 times
MoAk
5 months ago
https://cloud.google.com/iam/docs/best-practices-service-accounts#groups The reason why D is bad in case anyone was conflicted.
upvoted 3 times
vamgcp
5 months ago
Selected Answer: B
Directly assigning IAM bindings to the VM's service account for each Cloud Storage bucket provides the most secure and flexible way to manage access to your data. This approach adheres to the principle of least privilege and allows you to adapt to changing access requirements with ease. While groups can be useful for managing permissions for multiple VMs, it adds an extra layer of complexity when dealing with a single application on one VM.
upvoted 2 times
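
The per-bucket binding approach described in the comment above, as an added example that is not part of the original thread: it reconciles one service account's role on each bucket against a desired map, using plain dicts in the IAM policy JSON shape. The bucket names, service account, etags and desired roles are constructed sample values, and `set_bucket_role` and `reconcile` are hypothetical helper names.

```python
import copy

# Constructed sample data: the VM's service account and three bucket policies
# that live in other projects. Each binding sits on the bucket itself.
SA = "serviceAccount:app-vm@app-project.iam.gserviceaccount.com"
POLICIES = {
    "reports-bucket": {"etag": "CAE=", "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["group:analysts@example.com"]}]},
    "ingest-bucket": {"etag": "CAI=", "bindings": [
        {"role": "roles/storage.objectAdmin", "members": [SA]}]},
    "old-bucket": {"etag": "CAM=", "bindings": [
        {"role": "roles/storage.objectViewer", "members": [SA]}]},
}
# Access the application needs right now; buckets not listed get no access.
DESIRED = {
    "reports-bucket": "roles/storage.objectViewer",
    "ingest-bucket": "roles/storage.objectCreator",
}

def set_bucket_role(policy, member, role):
    """Return a copy of policy where member holds exactly `role`
    (no role at all when role is None). Other members are untouched."""
    new = copy.deepcopy(policy)  # keeps etag for the read-modify-write cycle
    kept = []
    for binding in new.get("bindings", []):
        members = [m for m in binding["members"] if m != member]
        if members:  # drop bindings that would be left empty
            kept.append({**binding, "members": members})
    if role is not None:
        for binding in kept:
            if binding["role"] == role and "condition" not in binding:
                binding["members"].append(member)
                break
        else:
            kept.append({"role": role, "members": [member]})
    new["bindings"] = kept
    return new

def reconcile(policies, member, desired):
    """Apply the desired bucket -> role map to every known bucket policy."""
    return {bucket: set_bucket_role(policy, member, desired.get(bucket))
            for bucket, policy in policies.items()}

if __name__ == "__main__":
    for bucket, policy in reconcile(POLICIES, SA, DESIRED).items():
        print(bucket, policy["bindings"])
```

With the sample data, the service account is added beside the existing group on `reports-bucket`, drops from `objectAdmin` to `objectCreator` on `ingest-bucket`, and loses access to `old-bucket`.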
abdelrahman89
6 months, 1 week ago
Selected Answer: B
Answer B
upvoted 1 times