Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Google Discussions

Exam Professional Cloud Architect topic 1 question 10 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 10
Topic #: 1
[All Professional Cloud Architect Questions]

You write a Python script to connect to Google BigQuery from a Google Compute Engine virtual machine. The script is printing errors that it cannot connect to
BigQuery.
What should you do to fix the script?

  • A. Install the latest BigQuery API client library for Python
  • B. Run your script on a new virtual machine with the BigQuery access scope enabled
  • C. Create a new service account with BigQuery access and execute your script with that user
  • D. Install the bq component for gcloud with the command gcloud components install bq.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by KouShikyou at Oct. 23, 2019, 8 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
kalschi
Highly Voted 4 years, 5 months ago
A - If client library was not installed, the python scripts won't run - since the question states the script reports "cannot connect" - the client library must have been installed. so it's B or C. B - https://cloud.google.com/bigquery/docs/authorization an access scope is how your client application retrieve access_token with access permission in OAuth when you want to access services via API call - in this case, it is possible that the python script use an API call instead of library, if this is true, then access scope is required. client library requires no access scope (as it does not go through OAuth) C - service account is Google Cloud's best practice So prefer C.
upvoted 95 times
Vika
3 years, 2 months ago
agreed to comment here . C seems like a good option
upvoted 4 times
...
rishab86
2 years, 7 months ago
Access scopes are the legacy method of specifying permissions for your instance. read from > https://cloud.google.com/compute/docs/access/service-accounts . So , I would go with C
upvoted 10 times
...
MQQNB
1 year, 8 months ago
agree access scope is enabled by default https://cloud.google.com/bigquery/docs/authorization#authenticate_with_oauth_20 If you use the BigQuery client libraries, you do not need this information, as this is done for you automatically.
upvoted 2 times
...
Musk
3 years, 10 months ago
Might be an old version
upvoted 4 times
...
Load full discussion...
...
KouShikyou
Highly Voted 4 years, 6 months ago
Why not B? It looks better for me.
upvoted 13 times
tartar
3 years, 9 months ago
C is ok
upvoted 11 times
tartar
3 years, 8 months ago
Sorry, B is ok. You can create service account, add user to service account, and grant the user role as Service Account User. You still need to enable BigQuery scope to make the Python script running the instance to access BigQuery.
upvoted 15 times
cloudguy1
3 years, 8 months ago
Stop confusing people, B) doesn't make any sense. Why would you use or create a whole new VM just because of a permission issue? If anything, just stop the instance and edit the scope of the default Compute Service Account and grant it the role through IAM. C) is the most appropriate answer since you can only set scopes of the default Compute Service Account, if you're using any other, there's no scope option - its access is dictated strictly by IAM in such scenario. So C) is the answer: Stop the VM, change the Service Account with the appropriate permissions and done. B) would still need to have permission the set through IAM & Admin, the scope isn't enough with the default Compute Service Account.
upvoted 35 times
certificatores
3 years, 5 months ago
cloud guy1, relax. tartar is the hero for google cloud and if you read his answer, he explains the service account user's role granting on this one as that is the best practice
upvoted 3 times
...
Load full discussion...
...
...
...
techalik
3 years, 5 months ago
Configure the Python API to use a service account with relevant BigQuery access enabled. is the right answer. It is likely that this service account this script is running under does not have the permissions to connect to BigQuery and that could be causing issues. You can prevent these by using a service account that has the necessary roles to access BigQuery. Ref: https://cloud.google.com/bigquery/docs/reference/libraries#cloud-console A service account is a special kind of account used by an application or a virtual machine (VM) instance, not a person. Ref: https://cloud.google.com/iam/docs/service-accounts
upvoted 5 times
...
nitinz
3 years, 2 months ago
C, no brainer. You need SA for using API period. Thats where your start your troubleshooting.
upvoted 6 times
nitinz
3 years, 2 months ago
I stand corrected, B you need to have scope. It is union of Scope + Service Account. If scope is not there, you are screwed anyways.
upvoted 2 times
...
Ery
1 year, 4 months ago
Create a new service account with BigQuery access and execute your script with that user: If you want to run the script on an existing virtual machine, you can create a new service account with the necessary permissions to access BigQuery and then execute the script using that service account. This will allow the script to connect to BigQuery and access the data it needs.
upvoted 2 times
...
...
...
researched_answer_boi
Most Recent 1 week, 5 days ago
Selected Answer: C
You don't need to create a new VM to have different access scopes: https://cloud.google.com/compute/docs/access/service-accounts#accesscopesiam This weakens answer B. When a user-managed service account is attached to the instance, the access scope defaults to cloud-platform: https://cloud.google.com/compute/docs/access/service-accounts#scopes_best_practice See Step 6 in: https://cloud.google.com/compute/docs/instances/change-service-account#changeserviceaccountandscopes These facts leave C as the valid answer.
upvoted 2 times
...
santoshchauhan
1 month, 4 weeks ago
Selected Answer: C
C. Create a new service account with BigQuery access and execute your script with that user. Service accounts are used for server-to-server interactions, such as those between a virtual machine and BigQuery. You would need to create a service account that has the necessary permissions to access BigQuery, then download the service account key in JSON format. Once you have the key, you can set an environment variable (GOOGLE_APPLICATION_CREDENTIALS) to the path of the JSON key file before running your script, which will authenticate your requests to BigQuery.
upvoted 2 times
Powerboy
1 month, 3 weeks ago
better than creating and downloading a service account key would be to impersonate the service account
upvoted 1 times
...
...
tosinogunfile
3 months ago
The answer is C https://cloud.google.com/bigquery/docs/authentication For most services, you must attach the service account when you create the resource that will run your code; you cannot add or replace the service account later. Compute Engine is an exception—it lets you attach a service account to a VM instance at any time.
upvoted 1 times
...
hzaoui
3 months, 3 weeks ago
Selected Answer: C
Connecting to BigQuery from a script requires proper authorization. Service accounts provide a secure way to grant access without sharing user credentials.
upvoted 1 times
...
public_figure
4 months, 1 week ago
It should be B, Script cannot be run by user and user cannot be assigned with Service account, SA can be assigned to a VM
upvoted 1 times
...
thewalker
5 months, 4 weeks ago
C Best practice is that SA with least privilege from a CE should access BQ.
upvoted 1 times
...
spatters
6 months ago
B is silly because there's no need to create a new VM just to change the access scope. You can edit the existing VM's access scope, although you do have to stop it first.
upvoted 1 times
...
yilexar
7 months, 2 weeks ago
Closest is C. https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#gcloud The confusion part is that it should never use the word user to represent service account
upvoted 1 times
...
duzapo
8 months ago
Selected Answer: C
Recomended best practice
upvoted 2 times
...
heretolearnazure
8 months, 2 weeks ago
you need service account to access any service in Google
upvoted 1 times
...
lucaluca1982
9 months ago
Selected Answer: C
Service accounts provide a way to authenticate your application to Google Cloud services. When you create a service account, you can assign it specific roles that dictate what resources the service account can interact with, and how it can interact with them. In this case, you would assign the BigQuery access role to the service account, which would then be used to authenticate your script to BigQuery.
upvoted 4 times
...
BiddlyBdoyng
10 months, 2 weeks ago
You would need to create a new VM if you wanted to use the machines default service account as they can only be changed when the VM is created. But using a custom account with IAM roles is more inline with best practice so should be C.
upvoted 2 times
...
thiago286
11 months, 3 weeks ago
I am preparing for Google Professional Cloud Architect exam. I was able to access only limited questions here, if anyone has the entire questions please share them to my email address: [email protected] . Thank you in advance!
upvoted 1 times
...
FigVam
1 year ago
Selected Answer: C
service account, of course. AI agrees with me.
upvoted 2 times
...
FigVam
1 year ago
thanks Examtopics to allow the discussion! Some true answers exist only here.
upvoted 1 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel