You have one project called proj-sa where you manage all your service accounts. You want to be able to use a service account from this project to take snapshots of VMs running in another project called proj-vm.
What should you do?
A . Download the private key from the service account, and add it to each VMs custom metadata.
B . Download the private key from the service account, and add the private key to each VM’s SSH keys.
C . Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.
D . When creating the VMs, set the service account’s API scope for Compute Engine to read/write.
Answer: C
Explanation:
https://gtseres.medium.com/using-service-accounts-across-projects-in-gcp-cf9473fef8f0
You create the service account in proj-sa and take note of the service account email, then you go to proj-vm in IAM > ADD and add the service account’s email as new member and give it the Compute Storage Admin role.
https://cloud.google.com/compute/docs/access/iam#compute.storageAdmin
Latest Associate Cloud Engineer Dumps Valid Version with 181 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund