ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud DevOps Engineer All Questions

View all questions & answers for the Professional Cloud DevOps Engineer exam
Go to Exam

Exam Professional Cloud DevOps Engineer topic 1 question 150 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 150
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

You are deploying an application to Cloud Run. The application requires a password to start. Your organization requires that all passwords are rotated every 24 hours, and your application must have the latest password. You need to deploy the application with no downtime. What should you do?

  • A. Store the password in Secret Manager and send the secret to the application by using environment variables.
  • B. Store the password in Secret Manager and mount the secret as a volume within the application.
  • C. Use Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.
  • D. Store the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by ABZ10 at Oct. 27, 2023, 9:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lelele2023
Highly Voted 8 months, 1 week ago
Selected Answer: B
Answer is B: https://cloud.google.com/run/docs/configuring/services/secrets "Mount each secret as a volume, which makes the secret available to the container as files. Reading a volume always fetches the secret value from Secret Manager, so it can be used with the latest version. This method also works well with secret rotation."
upvoted 10 times
...
xhilmi
Most Recent 7 months ago
Selected Answer: B
(Option B) By storing the password in Secret Manager and mounting the secret as a volume within the application, you can achieve password rotation without causing downtime. This allows you to update the password in Secret Manager, and Cloud Run can dynamically mount the latest version of the secret without requiring a redeployment of the application. This approach ensures that the application always has access to the latest password without interrupting its availability, providing a seamless and secure way to manage password rotation in a Cloud Run environment. Storing sensitive information like passwords in Secret Manager enhances security and separation of concerns.
upvoted 1 times
...
TereRolon
7 months, 3 weeks ago
I think is B for this "Mount each secret as a volume, which makes the secret available to the container as files. Reading a volume always fetches the secret value from Secret Manager, so it can be used with the latest version. This method also works well with secret rotation. Pass a secret using environment variables. Environment variables are resolved at instance startup time, so if you use this method, Google recommends that you pin the secret to a particular version rather than using latest." https://cloud.google.com/run/docs/configuring/services/secrets
upvoted 2 times
...
mshafa
8 months, 1 week ago
Selected Answer: B
You can make a secret available to your containers in either of two ways: Mount each secret as a volume, which makes the secret available to the container as files. Reading a volume always fetches the secret value from Secret Manager, so it can be used with the latest version. This method also works well with secret rotation. Pass a secret using environment variables. Environment variables are resolved at instance startup time, so if you use this method, Google recommends that you pin the secret to a particular version rather than using latest. https://cloud.google.com/run/docs/configuring/services/secrets
upvoted 4 times
...
khoukha
8 months, 2 weeks ago
answer is A: If you are exposing the secret as an environment variable: Supply the Name of the variable and select the secret version, or latest to always use the current secret version.
upvoted 1 times
...
Billbalaji
8 months, 2 weeks ago
Selected Answer: A
Answer is A The best solution is to store the password in Secret Manager and send the secret to the application by using environment variables. This will allow you to rotate the password without having to rebuild and deploy the application each time.
upvoted 2 times
...
ABZ10
8 months, 2 weeks ago
Selected Answer: B
Answer is B https://cloud.google.com/run/docs/configuring/services/secrets
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel