ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud DevOps Engineer All Questions

View all questions & answers for the Professional Cloud DevOps Engineer exam
Go to Exam

Exam Professional Cloud DevOps Engineer topic 1 question 149 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 149
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

You are configuring your CI/CD pipeline natively on Google Cloud. You want builds in a pre-production Google Kubernetes Engine (GKE) environment to be automatically load-tested before being promoted to the production GKE environment. You need to ensure that only builds that have passed this test are deployed to production. You want to follow Google-recommended practices. How should you configure this pipeline with Binary Authorization?

  • A. Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using their personal private key.
  • B. Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) with a service account JSON key stored as a Kubernetes Secret.
  • C. Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) authenticated through Workload Identity.
  • D. Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using a key stored in Cloud Key Management Service (Cloud KMS).
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by koo_kai at Oct. 28, 2023, 8:11 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
xhilmi
8 months ago
Selected Answer: C
Vote (option C). This option involves creating an attestation for the builds that pass the load test using a private key stored in Cloud Key Management Service (Cloud KMS) authenticated through Workload Identity. Workload Identity allows you to securely authenticate to Google Cloud services from your GKE clusters without the need for storing and managing service account keys. By using Cloud KMS for key storage and Workload Identity for authentication, you enhance the security of your pipeline. This approach aligns with Google's best practices for managing cryptographic keys and ensures a more secure and manageable setup for attesting builds before deployment to the production GKE environment.
upvoted 2 times
...
nqthien041292
8 months ago
Selected Answer: C
Vote C
upvoted 1 times
...
mshafa
9 months ago
Selected Answer: C
Workload Identity allows workloads in your GKE clusters to impersonate Identity and Access Management (IAM) service accounts to access Google Cloud services. https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
upvoted 2 times
...
lelele2023
9 months, 1 week ago
Selected Answer: C
"you're configuring your CI/CD pipeline natively on Google Cloud", natively hints to use workload identity which is similar to ec2 instance profile.
upvoted 2 times
...
koo_kai
9 months, 1 week ago
Selected Answer: C
Workload Identity https://cloud.google.com/iam/docs/best-practices-for-using-workload-identity-federation
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel