Multiple Choice
An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege. Which option meets the requirement of your team?
A) Create a Cloud Storage ACL that allows read-only access from the Compute Engine instance's IP address and allows the application to read from the bucket without credentials.
B) Use a service account with read-only access to the Cloud Storage bucket, and store the credentials to the service account in the config of the application on the Compute Engine instance.
C) Use a service account with read-only access to the Cloud Storage bucket to retrieve the credentials from the instance metadata.
D) Encrypt the data in the Cloud Storage bucket using Cloud KMS, and allow the application to decrypt the data with the KMS key.
Correct Answer:

Verified