Google Cloud Associate Cloud Engineer — Question 116

You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?

Answer options

• A. Assign appropriate access for Google services to the service account used by the Compute Engine VM.
• B. Create a service account with appropriate access for Google services, and configure the application to use this account.
• C. Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.
• D. Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

Correct answer: A

Explanation

The correct answer is A because assigning the necessary permissions to the service account linked to the Compute Engine VM allows the application to access Google services securely and in accordance with best practices. Option B is incorrect as creating a new service account introduces unnecessary complexity. Options C and D are not recommended because storing credentials in a config file poses security risks and goes against best practices for credential management.