ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Developer All Questions

View all questions & answers for the Professional Cloud Developer exam
Go to Exam

Exam Professional Cloud Developer topic 1 question 39 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 39
Topic #: 1
[All Professional Cloud Developer Questions]

Your company's development teams want to use Cloud Build in their projects to build and push Docker images to Container Registry. The operations team requires all Docker images to be published to a centralized, securely managed Docker registry that the operations team manages.
What should you do?

  • A. Use Container Registry to create a registry in each development team's project. Configure the Cloud Build build to push the Docker image to the project's registry. Grant the operations team access to each development team's registry.
  • B. Create a separate project for the operations team that has Container Registry configured. Assign appropriate permissions to the Cloud Build service account in each developer team's project to allow access to the operation team's registry.
  • C. Create a separate project for the operations team that has Container Registry configured. Create a Service Account for each development team and assign the appropriate permissions to allow it access to the operations team's registry. Store the service account key file in the source code repository and use it to authenticate against the operations team's registry.
  • D. Create a separate project for the operations team that has the open source Docker Registry deployed on a Compute Engine virtual machine instance. Create a username and password for each development team. Store the username and password in the source code repository and use it to authenticate against the operations team's Docker registry.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by emmet at June 10, 2020, 2:02 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
emmet
Highly Voted 4 years, 4 months ago
I think the correct answer is B) Container Registry is a good choice to store containers in a secure manageable way. It is possible to have ContainerRegistry in One project and push to it from Cloud Build of another project by adding appropriate service account as a member of a Cloud Storage Bucket used to host containers with the role Cloud Build Service Account.
upvoted 15 times
saurabh1805
3 years, 11 months ago
Yes, B is best choice here.
upvoted 4 times
...
...
santoshchauhan
Most Recent 7 months, 3 weeks ago
Selected Answer: B
B. Create a separate project for the operations team that has Container Registry configured. Assign appropriate permissions to the Cloud Build service account in each developer team's project to allow access to the operation team's registry. This approach aligns with best practices for managing access and centralizing the storage of Docker images while maintaining a high level of security and control
upvoted 1 times
...
__rajan__
1 year, 1 month ago
Selected Answer: B
I would go with B.
upvoted 1 times
...
maxdanny
1 year, 2 months ago
Selected Answer: B
The option B is the best solution because it provides a centralized, securely managed Docker registry for all development teams to use, and the Cloud Build service account can be granted the necessary permissions to push Docker images to the registry.
upvoted 1 times
...
sbonessi
1 year, 5 months ago
Selected Answer: B
I think B is the correct one as well
upvoted 1 times
...
omermahgoub
1 year, 9 months ago
B is the best choice because it allows the operations team to have control over the centralized, securely managed Docker registry while also allowing the development teams to use Cloud Build in their projects. In this option, the operations team can create a separate project with Container Registry configured and grant appropriate permissions to the Cloud Build service account in each developer team's project to allow access to the operations team's registry. This allows the development teams to build and push Docker images to the centralized registry while still following the operations team's requirements.
upvoted 1 times
omermahgoub
1 year, 9 months ago
A is not ideal because it requires granting the operations team access to each development team's registry, which may not be secure.
upvoted 1 times
...
omermahgoub
1 year, 9 months ago
C is not the best choice because it requires storing the service account key file in the source code repository, which may not be secure.
upvoted 1 times
...
omermahgoub
1 year, 9 months ago
D is not the best choice because it requires using an open source Docker Registry and creating a username and password for each development team, which may not be secure or efficient.
upvoted 1 times
...
...
jcataluna
1 year, 10 months ago
Selected Answer: B
B is correct. No point deploying 1 CR per project.
upvoted 1 times
...
tomato123
2 years, 2 months ago
Selected Answer: B
B is correct
upvoted 2 times
...
ParagSanyashiv
2 years, 9 months ago
Selected Answer: B
B is the suitable answer in this case
upvoted 2 times
...
kernel1973
3 years, 4 months ago
B is the best way to store and share images between different projects. Furthermore use of SA is a choice that match with GCP recommendations
upvoted 1 times
...
syu31svc
3 years, 4 months ago
"centralized, securely managed Docker registry" B is the answer
upvoted 1 times
...
navidlaji
3 years, 8 months ago
My answer is C , using service account to give permissions and storing it in a secured variable is a proper way
upvoted 3 times
StelSen
3 years, 8 months ago
Storing SA key file in repo is not recommended. Everyone can access it. Instead we can use this. https://stackoverflow.com/questions/48602546/google-cloud-functions-how-to-securely-store-service-account-private-key-when
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago