🔥 3-day streak
Professional Cloud Security Engineer150 / 152
Question 150 of 152

Your company runs a batch analytics workload on an on-premises Hadoop cluster that must read data from a Cloud Storage bucket. The security team has mandated that no long-lived service account keys be created or distributed to external systems. The on-premises identity provider issues OIDC tokens for the cluster's service identity. What is the recommended way to grant the on-premises workload access to Cloud Storage while satisfying the security mandate?

Reviewed for accuracy · Report an issueNext question