An application running on a Compute Engine instance needs to read data from a Cloud...

Google Professional-Cloud-Security-Engineer Question Answer

An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege.

Which option meets the requirement of your team?

Create a Cloud Storage ACL that allows read-only access from the Compute Engine instance’s IP address and allows the application to read from the bucket without credentials.

Use a service account with read-only access to the Cloud Storage bucket, and store the credentials to the service account in the config of the application on the Compute Engine instance.

Use a service account with read-only access to the Cloud Storage bucket to retrieve the credentials from the instance metadata.

Encrypt the data in the Cloud Storage bucket using Cloud KMS, and allow the application to decrypt the data with the KMS key.

Google Professional-Cloud-Security-Engineer View All Questions

Google Professional-Cloud-Security-Engineer Summary

Vendor: Google
Product: Professional-Cloud-Security-Engineer
Update on: Sep 16, 2025
Questions: 266

Price: $52.5 ~~$149.99~~

Buy Now Professional-Cloud-Security-Engineer PDF + Testing Engine Pack

A customer’s company has multiple business units.

Your security team wants to implement a defense-in-depth approach to protect sensitive data stored in...

Summer Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 45285der6

An application running on a Compute Engine instance needs to read data from a Cloud...

The Answer Is:

Explanation:

Google Professional-Cloud-Security-Engineer Summary

Payments We Accept

Contact Us