Your company runs more than 500 Compute Engine VMs that were created from current Google-provided Linux and Windows images and all use the project's default Compute Engine service account. The security team wants to start using VM Manager so they can view package inventory and vulnerability findings for every VM in the Cloud console without having to install any additional software. What single action will allow the VMs to begin reporting this data as soon as possible while following the principle of least privilege?
Create a new custom service account that has the Cloud Platform role, attach it to every VM, and perform a rolling reboot.
Add the metadata key enable-osconfig=true at the project level; no API or IAM changes are necessary.
Grant the project's default Compute Engine service account the roles/editor role and then restart all VMs so the agent can refresh its credentials.
Enable the OS Config API (osconfig.googleapis.com) in the project; this creates the OS Config service agent with the roles/osconfig.serviceAgent role so the pre-installed agent can upload inventory and vulnerability data.
Current Google-provided images already include the OS Config agent, but it will not send package inventory or vulnerability data until the OS Config API is enabled. When you enable the osconfig.googleapis.com API in a project, Google Cloud automatically creates the service agent [email protected] and grants it the roles/osconfig.serviceAgent IAM role, which is sufficient for uploading inventory and vulnerability information. Because the running VMs already use the project's default Compute Engine service account, they immediately start reporting data-no reboots, metadata keys, or broader IAM roles are required.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is VM Manager in Google Cloud?
Open an interactive chat with Bash
What is the OS Config API and why is it required?
Open an interactive chat with Bash
What does 'principle of least privilege' mean in Google Cloud IAM?
Open an interactive chat with Bash
What is VM Manager in Google Cloud?
Open an interactive chat with Bash
What does the OS Config API do?
Open an interactive chat with Bash
What is the roles/osconfig.serviceAgent role?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Planning and implementing a cloud solution
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .