Google Cloud Professional Cloud Developer — Question 194

You are developing an application that will handle requests from end users. You need to secure a Cloud Function called by the application to allow authorized end users to authenticate to the function via the application while restricting access to unauthorized users. You will integrate Google Sign-In as part of the solution and want to follow Google-recommended best practices. What should you do?

Answer options

• A. Deploy from a source code repository and grant users the roles/cloudfunctions.viewer role.
• B. Deploy from a source code repository and grant users the roles/cloudfunctions.invoker role
• C. Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.admin role
• D. Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.developer role

Correct answer: B

Explanation

The correct answer is B, as granting the roles/cloudfunctions.invoker role allows users to invoke the Cloud Function, which is essential for authenticated access via Google Sign-In. Option A provides only viewer access, which does not permit invocation, while options C and D assign administrative and developer roles, which are unnecessary and too permissive for this scenario.