Question 19

Question

You are creating an internal App Engine application that needs to access a user’s Google Drive on the
user’s behalf. Your company does not want to rely on the current user’s credentials. It also wants to
follow Google- recommended practices.
What should you do?

Accepted Answer

Create a new service account, and grant it G Suite domain-wide delegation. Have the application
use it to impersonate the user.

DirectAuditor5138 · Answer

I don’t think A or B work here since they’d only make users able to use the service account, not impersonate real user data. C is tempting but giving the app raw admin creds is a big no from Google’s best practices. D is right, service account with domain-wide delegation is designed exactly for this kind of scenario. If I missed something, let me know.

Mason K. · Answer

D is the right pick here. Service account with domain-wide delegation lets your app access user data (like Drive) without needing end-user credentials, fits Google best practices. A/B would only give service account permissions but can't impersonate users. C is a red herring-using an admin account directly isn't recommended for automation or security. Pretty sure about D, but let me know if I've missed something important.

SeanG · Answer

A isn’t enough for acting on the user’s behalf, D is right. Domain-wide delegation lets the app impersonate users securely without their credentials, which matches what Google recommends. Saw similar in practice Qs, but open if I missed something.

Mia J. · Answer

Its D

Aisha · Answer

D is correct

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE