Google Cloud Associate Cloud Engineer — Question 115
An application generates daily reports in a Compute Engine virtual machine (VM). The VM is in the project corp-iot-insights. Your team operates only in the project corp-aggregate-reports and needs a copy of the daily exports in the bucket corp-aggregate-reports-storage. You want to configure access so that the daily reports from the VM are available in the bucket corp-aggregate-reports-storage and use as few steps as possible while following Google-recommended practices. What should you do?
Answer options
- A. Move both projects under the same folder.
- B. Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-storage.
- C. Create a Shared VPC network between both projects. Grant the VM Service Account the role Storage Object Creator on corp-iot-insights.
- D. Make corp-aggregate-reports-storage public and create a folder with a pseudo-randomized suffix name. Share the folder with the IoT team.
Correct answer: B
Explanation
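The correct answer is B. Granting the VM's service account the Storage Object Creator role on corp-aggregate-reports-storage lets it write the reports directly to the bucket. This is a single IAM grant on the destination bucket, and the role allows the account to create objects there and nothing more. Option A does not address the access requirement: placing both projects under the same folder does not by itself give the VM's service account any permission on the bucket. Option C introduces unnecessary complexity: a Shared VPC is not needed for this access, and the role it grants is on corp-iot-insights rather than on the destination bucket. Option D compromises security by making the bucket public and is not a recommended practice.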