Hello Team,

Stuck between B & C,

You're deploying an application to a Compute Engine instance, and it's going to need to make calls to read
from Cloud Storage and Bigtable. You want to make sure you're following the principle of least privilege.
What's the easiest way to ensure the code can authenticate to the required Google Cloud APIs?
A. Create a new user account with the required roles. Store the credentials in Cloud Key Management
Service and download them to the instance in code.
B. Use the default Compute Engine service account and set its scopes. Let the code find the default
service account using "Application Default Credentials".
C. Create a new service account and key with the required limited permissions. Set the instance to use
the new service account. Edit the code to use the service account key.
D. Register the application with the Binary Registration Service and apply the required roles.