ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 28 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 28
Topic #: 1
[All Professional Cloud Network Engineer Questions]

You are adding steps to a working automation that uses a service account to authenticate. You need to drive the automation the ability to retrieve files from a
Cloud Storage bucket. Your organization requires using the least privilege possible.
What should you do?

  • A. Grant the compute.instanceAdmin to your user account.
  • B. Grant the iam.serviceAccountUser to your user account.
  • C. Grant the read-only privilege to the service account for the Cloud Storage bucket.
  • D. Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by mozammil89 at March 12, 2020, 11:50 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Barry123456
Highly Voted 4 years, 6 months ago
Who posts these answers? It's C!
upvoted 26 times
...
mozammil89
Highly Voted 4 years, 10 months ago
Correct answer is C
upvoted 11 times
...
saraali
Most Recent 5 months, 3 weeks ago
Selected Answer: C
The correct option is C. To follow the least privilege principle, you should only grant the service account the minimum permissions required to perform the necessary actions. In this case, to allow the automation to retrieve files from Cloud Storage, granting read-only access to the bucket is the most restrictive and appropriate permission. This ensures the service account can access and retrieve the files without granting unnecessary permissions.
upvoted 1 times
...
xhilmi
1 year, 1 month ago
Selected Answer: C
To adhere to the principle of least privilege in an automation scenario requiring file retrieval from a Cloud Storage bucket, it is advisable to choose option C, which involves granting read-only privileges (e.g., roles/storage.objectViewer) specifically to the service account associated with the task. This approach ensures that the service account has the minimum necessary permissions to access and retrieve files from the designated Cloud Storage bucket, reducing the risk of unauthorized actions and maintaining a more secure and focused access control. Options A and B provide broader permissions that go beyond the specific requirement, while option D grants excessive privileges across various services, deviating from the principle of least privilege.
upvoted 1 times
...
Komal697
1 year, 10 months ago
Selected Answer: C
Option C is the most appropriate solution for this scenario, as it provides the least privilege required for the automation to retrieve files from a Cloud Storage bucket. Granting read-only privilege to the service account for the Cloud Storage bucket will allow the automation to only access the files within the bucket without the ability to modify or delete them. Option A is not appropriate, as granting the compute.instanceAdmin privilege to the user account would give it more privileges than necessary, and is not directly related to accessing the Cloud Storage bucket. Option B is also not appropriate, as granting the iam.serviceAccountUser privilege to the user account would not directly allow it to access the Cloud Storage bucket. Option D is overly permissive, as granting the cloud-platform privilege to the service account for the Cloud Storage bucket would provide unnecessary access to all Google Cloud services, which could pose security risks.
upvoted 1 times
...
pk349
2 years ago
C. Grant the read-only privilege to the service account for the Cloud Storage bucket.
upvoted 1 times
...
AzureDP900
2 years, 2 months ago
C is right https://cloud.google.com/storage/docs/access-control/iam-permissions#bucket_permissions
upvoted 1 times
...
GCP72
2 years, 5 months ago
Selected Answer: C
Correct Answer is C
upvoted 2 times
...
tycho
2 years, 12 months ago
little to do with networking exam
upvoted 5 times
...
kumarp6
3 years, 1 month ago
Answer is : C
upvoted 2 times
...
yas_cloud
3 years, 1 month ago
Selected Answer: C
Answer should be C.
upvoted 2 times
...
SonamDhingra
3 years, 1 month ago
Selected Answer: C
Who posts these answers? It's C!
upvoted 1 times
...
Arad
3 years, 2 months ago
Definitely C is correct.
upvoted 1 times
...
Arvinder
3 years, 8 months ago
Indeed, it' C.
upvoted 4 times
...
Vidyasagar
3 years, 10 months ago
Correct Answer is C
upvoted 1 times
...
pentium2000
3 years, 10 months ago
C indeed.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel