🔥 40% Off Crucial Exams Memberships — Deal ends today!

28 minutes, 50 seconds remaining!
Crucial Exams

GCP Associate Cloud Engineer Practice Question

A security policy limits external credentials to 10 minutes. Each night, a Cloud Build job must hand a third-party CI server an OAuth 2.0 access token for the service account [email protected] so the CI server can publish a few Pub/Sub messages. Long-lived service-account keys are forbidden. How should the build obtain and pass the required short-lived token?

  • Call the IAM Credentials API generateAccessToken for ci-publisher with a 600-second lifetime; ensure Cloud Build holds roles/iam.serviceAccountTokenCreator on that account.

  • Execute gcloud auth print-access-token --impersonate-service-account=ci-publisher@proj.iam.gserviceaccount.com and pass the resulting token to the CI server.

  • Run gcloud iam service-accounts keys create during the build to generate a JSON key for ci-publisher and send the key file to the CI server.

  • Grant the CI server roles/pubsub.publisher on the project and let it authenticate using Application Default Credentials instead of a key.

GCP Associate Cloud Engineer
Configuring access and security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot