Google Cloud Associate Cloud Engineer — Question 40

You have a Linux VM that must connect to Cloud SQL. You created a service account with the appropriate access rights. You want to make sure that the VM uses this service account instead of the default Compute Engine service account. What should you do?

Answer options

• A. When creating the VM via the web console, specify the service account under the 'Identity and API Access' section.
• B. Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service- account.
• C. Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine- service-account.
• D. Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service- account.json.

Correct answer: A

Explanation

The correct answer is A because specifying the service account during the VM creation process ensures that the VM uses the intended account for authentication. Options B, C, and D are incorrect as they involve downloading the JSON key and do not set the service account directly for the VM, which is necessary for proper access to Cloud SQL.