Google Cloud Associate Cloud Engineer — Question 267
You are developing an application that will be deployed on Google Cloud. The application will use a service account to retrieve data from BigQuery. Before you deploy your application, you want to test the permissions of this service account from your local machine to ensure there will be no authentication issues. You want to ensure that you use the most secure method while following Google-recommended practices. What should you do?
Answer options
- A. Generate a service account key, and configure the gcloud CLI to use this key. Issue a relevant BigQuery request through the gcloud CLI to test the access.
- B. Grant the service account the BigQuery Administrator IAM role to ensure the service account has all required access.
- C. Configure the gcloud CLI to use service account impersonation. Issue a relevant BigQuery request through the gcloud CLI to test the access.
- D. Configure the gcloud CLI with Application Default Credentials using your user account. Issue a relevant BigQuery request through the gcloud CLI to test the access.
Correct answer: C
Explanation
The correct answer is C: service account impersonation lets you test the service account's permissions from your local machine without creating or exposing a service account key, which aligns with Google's security best practices. Option A is incorrect because generating a service account key poses security risks. Option B grants excessive permissions, which is not advisable when testing. Option D authenticates with your user account's credentials instead of testing the service account directly, which defeats the purpose.