Crucial Exams

GCP Associate Cloud Engineer Practice Question

Your team deploys a Compute Engine instance that pulls reference data from the Cloud Storage bucket gs://finance-data and then writes structured application logs to Cloud Logging. The instance must perform no other Google Cloud operations. Following the principle of least privilege, how should you configure IAM for the instance?

  • Create a user-managed service account, attach it to the instance, and grant it the Storage Admin role on the bucket.

  • Use the Compute Engine default service account and grant it the Editor role on the project.

  • Allow the instance's service account to impersonate your developer account, which already has Owner on the project.

  • Create a user-managed service account, attach it to the instance, grant the Storage Object Viewer role on gs://finance-data and the Logging Log Writer role on the project.

GCP Associate Cloud Engineer
Configuring access and security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot