Question-22: In order to come up with a suitable solution, you will need to have an in-depth knowledge of the TerramEarth case study. This is due to the fact that the case study functions as the foundation upon which this question is constructed. After gaining experience with cloud functions while working for your company, one of your team members came to you with the request to construct a new application that makes use of a few cloud services as the backend. In order to fulfil the requirements of one use case, a Cloud Function named func_show must execute a Cloud Function named func_get_data. You want func_get_data to only take calls from func_show rather than any other function. You should also adhere to the best practices that are advocated by Google. What is it that you ought to do?
A. Construct a token, and then use the func show function to send it in as an environment variable. When calling func_get_data, be sure to include the token in the request that you send. When using func get data, always use the same token, and if the tokens are different, the call should be rejected.
B. Make func_get_data 'Require authentication.' Create a unique service account and associate it to func_show. Grant the service account invoker role for func_get_data. Create an id token in func_show and include the token to the request when invoking func_get_data.
C. Make func_get_data 'Require authentication' and only accept internal traffic. Create those two functions in the same VPC. Create an ingress firewall rule for func_get_data to only allow traffic from func_show.
D. Make sure to create those two functions within the same virtual private cloud and project. Make it so that func get data will only accept traffic from the local network. Build an ingress firewall for the func get data function that will only let traffic from the func show function through. In addition to that, check to see that the two functions are using the same service account.
Correct Answer
Get All 340 Questions and Answer for Google Professional Cloud Architect
: 2 Explanation: function that provides authentication for function calls. Include the service account for the calling function as a member of the receiving function, and provide that member invoker permissions for the cloud functions. You are going to need not just a service account (Authorization), but also an id token (Authentication) It is a good idea, when developing services that link several functions, to make sure that each function may only send requests to a specified subset of your other functions. This is something you should do while constructing the services. For example, if you have a login function, it should be able to access the user profiles function, but it probably shouldn't be able to access the search function. This is because the login function is used to access the user profiles function. It is necessary to provide the Cloud Functions Invoker (roles/cloudfunctions.invoker) role to the service account of the calling function on the receiving function in order to configure the receiving function to accept requests from the specified calling function. Because it will be contacting the function that will be receiving the call, the calling function is required to authenticate itself by providing a Google-signed ID token. This is a procedure that takes place in two steps: 1. Start by generating a Google-signed ID token with the audience field (aud) set to the URL of the function that will be receiving the token. 2. In the request that you send to the function, include the ID token in a header that is labelled Authorization: Bearer ID TOKEN.