🔥 3-day streak
Professional Cloud Security Engineer133 / 152
Question 133 of 152
A data engineering team runs an on-premises batch job that must call the BigQuery API in Google Cloud. Security policy prohibits downloading and distributing long-lived service account key files. The on-premises environment cannot be enrolled in workload identity federation because it uses a legacy authentication broker that already holds valid Google credentials for a central automation service account. The team needs the batch job to act as a dedicated BigQuery service account without any exported key material. What is the most appropriate way to grant this access?
Reviewed for accuracy · Report an issueNext question