ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Developer All Questions

View all questions & answers for the Professional Cloud Developer exam
Go to Exam

Exam Professional Cloud Developer topic 1 question 191 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 191
Topic #: 1
[All Professional Cloud Developer Questions]

You have an application deployed in Google Kubernetes Engine (GKE). You need to update the application to make authorized requests to Google Cloud managed services. You want this to be a one-time setup, and you need to follow security best practices of auto-rotating your security keys and storing them in an encrypted store. You already created a service account with appropriate access to the Google Cloud service. What should you do next?

  • A. Assign the Google Cloud service account to your GKE Pod using Workload Identity.
  • B. Export the Google Cloud service account, and share it with the Pod as a Kubernetes Secret.
  • C. Export the Google Cloud service account, and embed it in the source code of the application.
  • D. Export the Google Cloud service account, and upload it to HashiCorp Vault to generate a dynamic service account for your application.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by zellck at Dec. 13, 2022, 1:23 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
__rajan__
10 months, 2 weeks ago
Selected Answer: A
A is correct.
upvoted 1 times
...
purushi
12 months ago
Selected Answer: A
Service account with proper IAM configurations already exists. We should link the existing service account with GKE pod as workload identity. This applies to all the pods running within a cluster.
upvoted 2 times
...
NewComer200
1 year, 3 months ago
Selected Answer: A
https://cloud.google.com/iam/docs/best-practices-service-accounts#use-workload-identity
upvoted 2 times
...
Pime13
1 year, 5 months ago
Selected Answer: A
workload identity
upvoted 1 times
...
TNT87
1 year, 7 months ago
Answer A
upvoted 1 times
...
sharath25
1 year, 7 months ago
Selected Answer: A
option A
upvoted 1 times
...
zellck
1 year, 7 months ago
Selected Answer: A
A is the answer. https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity Applications running on GKE might need access to Google Cloud APIs such as Compute Engine API, BigQuery Storage API, or Machine Learning APIs. Workload Identity allows a Kubernetes service account in your GKE cluster to act as an IAM service account. Pods that use the configured Kubernetes service account automatically authenticate as the IAM service account when accessing Google Cloud APIs. Using Workload Identity allows you to assign distinct, fine-grained identities and authorization for each application in your cluster.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel