Google Cloud Professional Cloud Network Engineer — Question 1
You are adding steps to a working automation that uses a service account to authenticate. You need to give the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.
What should you do?
Answer options
- A. Grant the compute.instanceAdmin to your user account.
- B. Grant the iam.serviceAccountUser to your user account.
- C. Grant the read-only privilege to the service account for the Cloud Storage bucket.
- D. Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.
Correct answer: C
Explanation
The correct answer is C because granting read-only access to the service account allows it to retrieve files from the Cloud Storage bucket without excessive permissions. Options A and B do not provide the necessary access to the Cloud Storage bucket, while option D grants too many privileges, violating the least privilege principle.