Google Cloud Professional Cloud Developer — Question 76
Your application requires service accounts to be authenticated to GCP products via credentials stored on its host Compute Engine virtual machine instances. You want to distribute these credentials to the host instances as securely as possible.
What should you do?
Answer options
- A. Use HTTP signed URLs to securely provide access to the required resources.
- B. Use the instance's service account Application Default Credentials to authenticate to the required resources.
- C. Generate a P12 file from the GCP Console after the instance is deployed, and copy the credentials to the host instance before starting the application.
- D. Commit the credential JSON file into your application's source repository, and have your CI/CD process package it with the software that is deployed to the instance.
Correct answer: B
Explanation
The correct answer is B: with the instance's service account Application Default Credentials, the application authenticates securely and nobody has to handle sensitive credential files. Options A, C, and D are less secure because they add credential-handling steps, and each extra step increases the risk of exposure.