ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud DevOps Engineer All Questions

View all questions & answers for the Professional Cloud DevOps Engineer exam
Go to Exam

Exam Professional Cloud DevOps Engineer topic 1 question 132 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 132
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

Your company uses Jenkins running on Google Cloud VM instances for CI/CD. You need to extend the functionality to use infrastructure as code automation by using Terraform. You must ensure that the Terraform Jenkins instance is authorized to create Google Cloud resources. You want to follow Google-recommended practices. What should you do?

  • A. Confirm that the Jenkins VM instance has an attached service account with the appropriate Identity and Access Management (IAM) permissions.
  • B. Use the Terraform module so that Secret Manager can retrieve credentials.
  • C. Create a dedicated service account for the Terraform instance. Download and copy the secret key value to the GOOGLE_CREDENTIALS environment variable on the Jenkins server.
  • D. Add the gcloud auth application-default login command as a step in Jenkins before running the Terraform commands.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by lelele2023 at Nov. 3, 2023, 6:17 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
shashankrathore
Highly Voted 1 year, 2 months ago
Selected Answer: A
Downloading and setting Env Variable has potential to expose such high-level access to users . where as a dedicated SA attached to VM does not expose any credentials at all. running tf by default would use SA attached to VM.
upvoted 5 times
...
alpha_canary
Highly Voted 1 year, 2 months ago
Selected Answer: A
Not chosing C because this works, but involves manually managing the key, which can be error-prone and less secure compared to using attached service accounts.
upvoted 5 times
...
ccpmad
Most Recent 7 months, 2 weeks ago
Selected Answer: A
Is not C: "Download and copy the secret key value..." lol
upvoted 1 times
...
Rosek93
7 months, 4 weeks ago
Selected Answer: A
https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#running-terraform-on-google-cloud
upvoted 1 times
...
surfer111
8 months, 2 weeks ago
Go with A. C introduces risk that if anyone gets your downloaded key that they can spin up any resources they want.
upvoted 1 times
...
xhilmi
1 year, 4 months ago
Selected Answer: C
Choose (option C). Creating a dedicated service account for the Terraform instance is a best practice as it allows for fine-grained control over permissions. By downloading and copying the secret key value to the GOOGLE_CREDENTIALS environment variable on the Jenkins server, you securely provide the necessary credentials to Terraform. This approach minimizes security risks associated with manual handling of secret keys and adheres to the principle of least privilege by assigning only the required IAM permissions to the dedicated service account for Terraform automation.
upvoted 1 times
ccpmad
7 months, 2 weeks ago
stop using chatgpt
upvoted 1 times
...
tell3r
11 months, 2 weeks ago
A is safer
upvoted 1 times
...
...
nqthien041292
1 year, 4 months ago
Selected Answer: C
Vote C
upvoted 1 times
...
Andrei_Z
1 year, 5 months ago
Selected Answer: C
using keys with the service account is against best practice but in this case it is the only answer that makes sense I guess...
upvoted 1 times
...
pharao89
1 year, 5 months ago
Selected Answer: C
C is the correct answer. A can't be since the terraform doesn't use the instance's service account for such operations. Think of it as running terraform on your local PC. You still need to somehow provide credentials to the cloud and envariable can be one of the solutions.
upvoted 3 times
...
Billbalaji
1 year, 5 months ago
Selected Answer: C
The best way to ensure that the Terraform Jenkins instance is authorized to create Google Cloud resources and follow Google-recommended practices is to create a dedicated service account for the Terraform instance and download and copy the secret key value to the GOOGLE_CREDENTIALS environment variable on the Jenkins server.
upvoted 1 times
...
mshafa
1 year, 5 months ago
A is the answer.
upvoted 3 times
...
lelele2023
1 year, 5 months ago
Selected Answer: A
I go for A as it looks to be the fundamental thing at least.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago