Your company pushes batches of sensitive transaction data from its application server VMs to Cloud Pub/Sub for processing and storage. What is the Google- recommended way for your application to authenticate to the required Google Cloud services?
Choose an answer
Tap an option to check your answer.
Correct answer: Ensure that VM service accounts are granted the appropriate Cloud Pub/Sub IAM roles..
Why this is the answer
The recommended and most secure way for applications running on Google Cloud VMs to authenticate to other Google Cloud services is by using service accounts. Each VM is associated with a service account, and by granting this service account the necessary IAM roles (e.g., roles/editor or roles/pubsub.publisher for Pub/Sub), the application can securely access the service without needing to manage explicit credentials. The second option is incorrect because VM access scopes define the default permissions for the VM's service account to access Google Cloud APIs, but IAM roles on the service account itself are the definitive way to grant specific permissions. The third option is insecure and complex; storing access tokens manually is not recommended. The fourth option introduces unnecessary complexity and latency by routing through a Cloud Function when direct access is possible and secure.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed