Google Cloud Associate Cloud Engineer — Question 95

You have one project called proj-sa where you manage all your service accounts. You want to be able to use a service account from this project to take snapshots of VMs running in another project called proj-vm. What should you do?

Answer options

• A. Download the private key from the service account, and add it to each VMs custom metadata.
• B. Download the private key from the service account, and add the private key to each VM's SSH keys.
• C. Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.
• D. When creating the VMs, set the service account's API scope for Compute Engine to read/write.

Correct answer: C

Explanation

The correct answer is C because granting the service account the IAM Role of Compute Storage Admin in proj-vm allows it the necessary permissions to take snapshots of VMs. Options A and B are incorrect as they do not provide the required permissions, and D does not address the need for specific IAM roles for snapshot access.