Crucial Exams

GCP Associate Cloud Engineer Practice Question

Your organization is automating nightly exports from BigQuery to Cloud Storage using a Python script that runs on a Compute Engine VM. The job must run unattended, and access cannot rely on any employee's personal credentials. Which approach best provides the VM an identity that can be granted the required Storage and BigQuery permissions while following Google-recommended practices?

  • Create a Google Group that includes the VM instance and grant the required IAM roles to the group.

  • Enable OS Login on the VM and have a developer run gcloud auth application-default login so the script uses the developer's credentials.

  • Attach a user-managed service account to the VM instance and grant that service account Storage Object Admin and BigQuery Job User roles.

  • Generate a long-lived OAuth 2.0 client ID and secret, store them in instance metadata, and have the script request user tokens at each run.

GCP Associate Cloud Engineer
Configuring access and security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot