Crucial Exams

GCP Associate Cloud Engineer Practice Question

Your on-premises CI server uploads build artifacts to a Cloud Storage bucket in your Google Cloud project. The build job executes every 30 minutes and already runs under a user account that is allowed to impersonate the service account ci-uploader@example. A new security policy forbids storing any long-lived service account key files on the server. Which method will let the job authenticate to Cloud Storage while complying with the policy?

  • Invoke gcloud auth print-access-token --impersonate-service-account=ci-uploader@example at the start of each build and supply the returned token to gsutil.

  • Enable Cloud Storage HMAC credentials for ci-uploader@example and embed the secret key pair directly in the build script.

  • Grant the Storage Object Admin role to the user account that runs the job so it can bypass the service account entirely.

  • Generate a new JSON key for ci-uploader@example, encrypt it, and decrypt it during each build before running gcloud auth activate-service-account.

GCP Associate Cloud Engineer
Configuring access and security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot