Exam Professional Cloud DevOps Engineer topic 1 question 33 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 33
Topic #: 1

Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?

  • A. Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.
  • B. Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
  • C. Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
  • D. Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it.
Suggested Answer: C

Comments

driftwood
Highly Voted 2 years, 9 months ago
C is the "best" from the choices given
upvoted 13 times
...
Charun
Highly Voted 2 years, 10 months ago
Answer C
upvoted 6 times
...
habla2019pasta
Most Recent 4 days, 1 hour ago
Selected Answer: C
Option C
upvoted 1 times
...
jomonkp
5 months, 2 weeks ago
Selected Answer: C
Option C
upvoted 1 times
...
calex1
8 months, 2 weeks ago
Selected Answer: C
C is the only viable option...
upvoted 1 times
...
JonathanSJ
1 year, 4 months ago
Selected Answer: C
The best option for securing application secrets while making it easier to rotate them in case of a security breach would be: C. Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM. By storing secrets in Cloud Storage, you can take advantage of the security features provided by the platform and encrypt them using Cloud KMS, a GCP service that allows you to create, manage, and use encryption keys. This way you can control who has access to the secrets, and you can easily rotate the encryption keys in case of a security breach. Additionally, you can use IAM to give the CI/CD pipeline the necessary permissions to access the secrets and use them during the deployment process, without the need to store them in the source code or give access to them to specific developers.
upvoted 2 times
...
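
How option C can look in a pipeline, as an added example that is not part of the original discussion. It assumes Cloud Build as the CI/CD system; KEYRING, KEY, SECRETS_BUCKET, PIPELINE_SA, secrets.env and deploy.sh are placeholder names.

```yaml
# cloudbuild.yaml (added example; every upper-case name is a placeholder)
#
# One-time setup, run by an administrator rather than by the pipeline:
#   gcloud kms keyrings create KEYRING --location=global
#   gcloud kms keys create KEY --location=global --keyring=KEYRING --purpose=encryption
#   gcloud kms encrypt --location=global --keyring=KEYRING --key=KEY \
#       --plaintext-file=secrets.env --ciphertext-file=secrets.env.enc
#   gsutil cp secrets.env.enc gs://SECRETS_BUCKET/secrets.env.enc
#
# Least privilege for the pipeline identity: decrypt-only on this one key,
# read-only on the bucket. It gets no encrypt or key-admin rights.
#   gcloud kms keys add-iam-policy-binding KEY --location=global --keyring=KEYRING \
#       --member=serviceAccount:PIPELINE_SA --role=roles/cloudkms.cryptoKeyDecrypter
#   gsutil iam ch serviceAccount:PIPELINE_SA:objectViewer gs://SECRETS_BUCKET
#
# Rotating a leaked secret: encrypt the new value and overwrite the object.
# The pipeline definition below does not change.
steps:
  # Fetch the ciphertext; only encrypted data is ever stored at rest.
  - name: gcr.io/cloud-builders/gsutil
    args: ["cp", "gs://SECRETS_BUCKET/secrets.env.enc", "secrets.env.enc"]

  # Decrypt inside the build workspace using the pipeline's IAM identity.
  - name: gcr.io/cloud-builders/gcloud
    args:
      - kms
      - decrypt
      - --location=global
      - --keyring=KEYRING
      - --key=KEY
      - --ciphertext-file=secrets.env.enc
      - --plaintext-file=secrets.env

  # Export the decrypted values only for the deploy step (deploy.sh is hypothetical).
  - name: gcr.io/cloud-builders/gcloud
    entrypoint: bash
    args: ["-c", "set -a; . ./secrets.env; set +a; ./deploy.sh"]
```

Rotating the KMS key itself does not re-encrypt objects already in the bucket, so after a breach the secret value must be replaced and re-encrypted, not just the key version.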
floppino
1 year, 4 months ago
Selected Answer: C
Ans: C Exam passed and taken on 19/12/2022, 50/50 from this dump without buying the full access and looking for 'devops' word here: https://www.examtopics.com/discussions/google/1/
upvoted 1 times
...
GCP72
1 year, 9 months ago
Selected Answer: C
Answer is C
upvoted 1 times
...
vijaigcp
2 years, 3 months ago
Selected Answer: C
Answer is C, https://cloud.google.com/security-key-management
upvoted 2 times
...
cyrus86
2 years, 3 months ago
Selected Answer: C
C is the answer
upvoted 1 times
...
alaahakim
2 years, 5 months ago
Ans : C
upvoted 1 times
...
akg001
2 years, 11 months ago
C is the best option.
upvoted 4 times
...
devopsbatch
2 years, 11 months ago
Answer C. Storing secrets in the cloud is the better option.
upvoted 4 times
...