What service account key-management strategy should you recommend?


JencoMart has decided to migrate user profile storage to Google Cloud Datastore and the application servers to Google Compute Engine (GCE). During the migration, the existing infrastructure will need access to Datastore to upload the data.

What service account key-management strategy should you recommend?
A. Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs)
B. Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs
C. Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
D. Deploy a custom authentication service on GCE/Google Kubernetes Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs

Answer: C

Explanation:

Migrating data to Google Cloud Platform

Let’s say that you have some data processing that happens on another cloud provider and you want to transfer the processed data to Google Cloud Platform. You can use a service account from the virtual machines on the external cloud to push the data to Google Cloud Platform. To do this, you must create and download a service account key when you create the service account and then use that key from the external process to call the Cloud Platform APIs.

References:

https://cloud.google.com/iam/docs/understanding-service-accounts#migrating_data_to_google_cloud_platform
