Google Cloud Professional Cloud Developer — Question 62

You are writing a Compute Engine hosted application in project A that needs to securely authenticate to a Cloud Pub/Sub topic in project B.
What should you do?

Answer options

• A. Configure the instances with a service account owned by project B. Add the service account as a Cloud Pub/Sub publisher to project A.
• B. Configure the instances with a service account owned by project A. Add the service account as a publisher on the topic.
• C. Configure Application Default Credentials to use the private key of a service account owned by project B. Add the service account as a Cloud Pub/Sub publisher to project A.
• D. Configure Application Default Credentials to use the private key of a service account owned by project A. Add the service account as a publisher on the topic

Correct answer: B

Explanation

The correct answer is B because the application in project A needs to use its own service account to authenticate and publish messages to the Cloud Pub/Sub topic. Options A and C incorrectly suggest using a service account from project B, which would not have the necessary permissions in project A. Option D also incorrectly proposes using project A's service account for authentication but does not address the necessary permissions for the topic.