Google Cloud Professional Cloud Developer — Question 122

You are deploying your application on a Compute Engine instance that communicates with Cloud SQL. You will use Cloud SQL Proxy to allow your application to communicate to the database using the service account associated with the application's instance. You want to follow the Google-recommended best practice of providing minimum access for the role assigned to the service account. What should you do?

Answer options

• A. Assign the Project Editor role.
• B. Assign the Project Owner role.
• C. Assign the Cloud SQL Client role.
• D. Assign the Cloud SQL Editor role.

Correct answer: C

Explanation

The correct choice is C, as the Cloud SQL Client role provides the necessary access for the application to connect to Cloud SQL without granting excessive permissions. Options A and B provide broader permissions than needed, which violates the principle of least privilege. Option D, while related to Cloud SQL, allows for editing capabilities that are not necessary for simply connecting to the database.