🔥 3-day streak
Professional Cloud Architect107 / 169
Question 107 of 169

A financial services company runs a data-processing pipeline where an application on a Compute Engine VM needs to occasionally write results to a specific BigQuery dataset. Security policy forbids downloading long-lived service account key files and requires that access follow least-privilege principles. Developers must also be able to run the pipeline locally for testing using their own corporate identities without holding the pipeline's permissions permanently. What is the most secure design to grant the necessary access?

Reviewed for accuracy · Report an issueNext question