Exam Associate Cloud Engineer topic 1 question 42 discussion

it is good practice to use Secrets for confidential data (like API keys) and ConfigMaps for non-confidential data (like port numbers). B is correct.

B is correct answer https://cloud.google.com/kubernetes-engine/docs/concepts/secret

How could this possibly be C over B? "ConfigMap is similar to Secret except that you use a Secret for sensitive information and you use a ConfigMap to store non-sensitive data such as connection strings, public credentials, hostnames, and URLs."

Correct Answer: C

In my opinion also B is correct answer as secret manager will keep secret of all credentials and confidentiality.

why most answer by examtopics are wrong

B is correct because storing passwords in secrets is the GKE best practice

Storing database passwords, or any sensitive credentials, inside a ConfigMap is not recommended from a security standpoint. "B" it is!

b is correct as it good pracits to use secrrets for the passwords

correct answer is B, as secrets are used to store credentials and configmap is used to store the configuration

B is the right approach

B is correct.

B is the correct answer as configmap is configurations non confidential.

A common use case for a service is to use ConfigMaps to separate application code from configuration. ConfigMap is similar to Secret except that you use a Secret for sensitive information and you use a ConfigMap to store non-sensitive data such as connection strings, public credentials, hostnames, and URLs.

Answer B is the correct choice as it recommends storing the database password inside a Secret object, which is designed to securely store sensitive data like passwords, and then modifying the YAML file to populate the DB_PASSWORD environment variable from the Secret. Storing sensitive information such as passwords in plain text inside configuration files is not secure and violates Google's security best practices. Instead, secrets should be stored separately and securely. In Kubernetes, secrets are designed to store sensitive information such as passwords, API keys, and tokens. Secrets are encrypted and can be used to pass sensitive data to containers in a safe manner. To implement this in the given configuration, you can create a secret object and store the database password as a key-value pair. Then, modify the YAML file to populate the DB_PASSWORD environment variable from the secret. https://kubernetes.io/docs/concepts/configuration/secret/

B is the correct answer A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don't need to include confidential data in your application code.

B not C read here that configmap don't encrypt https://kubernetes.io/docs/concepts/configuration/configmap/