Exam Professional Cloud Developer topic 1 question 69 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 69
Topic #: 1

Your application requires service accounts to be authenticated to GCP products via credentials stored on its host Compute Engine virtual machine instances. You want to distribute these credentials to the host instances as securely as possible.
What should you do?

  • A. Use HTTP signed URLs to securely provide access to the required resources.
  • B. Use the instance's service account Application Default Credentials to authenticate to the required resources.
  • C. Generate a P12 file from the GCP Console after the instance is deployed, and copy the credentials to the host instance before starting the application.
  • D. Commit the credential JSON file into your application's source repository, and have your CI/CD process package it with the software that is deployed to the instance.
Suggested Answer: B

Comments

thewalker
4 months, 1 week ago
Selected Answer: B
The most secure approach is B. Use the instance's service account Application Default Credentials to authenticate to the required resources. Here's why:

  • Application Default Credentials (ADC): ADC is a Google Cloud feature that allows applications running on Google Cloud to automatically authenticate using the service account associated with the instance. This eliminates the need to store credentials directly on the instance, reducing security risks.
  • No Manual Credential Management: ADC handles authentication automatically, eliminating the need to manually manage credentials, which can be error-prone and introduce security vulnerabilities.
  • Key Rotation: Google Cloud automatically rotates service account keys, further enhancing security.
upvoted 1 times
thewalker
4 months, 1 week ago
Let's look at why the other options are less secure:

  • A. Use HTTP signed URLs to securely provide access to the required resources: HTTP signed URLs are useful for providing temporary access to specific resources, but they don't address the core issue of securely storing and managing service account credentials.
  • C. Generate a P12 file from the GCP Console after the instance is deployed and copy the credentials to the host instance before starting the application: This approach requires storing credentials on the instance, which is a security risk. It also introduces manual steps that can be error-prone.
  • D. Commit the credential JSON file into your application's source repository and have your CI/CD process package it with the software that is deployed to the instance: This is a major security risk. Storing credentials in source code exposes them to anyone with access to the repository.
upvoted 1 times
...
...
__rajan__
1 year, 2 months ago
Selected Answer: B
Option B is Correct: This approach ensures that the credentials are securely managed and automatically provided to the instances when needed.
upvoted 1 times
...
__rajan__
1 year, 2 months ago
Selected Answer: A
This approach ensures that the credentials are securely managed and automatically provided to the instances when needed.
upvoted 1 times
...
telp
1 year, 10 months ago
Selected Answer: B
Answer B, because best practice is to not store a file with service account information when possible. With Compute Engine, the service account of the VM can be used to call Google APIs if the roles are added to this service account.
upvoted 1 times
...
omermahgoub
1 year, 10 months ago
B. Use the instance's service account Application Default Credentials to authenticate to the required resources. Using the instance's service account Application Default Credentials is the most secure method for distributing credentials to the host instances. This method allows the instance to automatically authenticate with the required resources using the instance's built-in service account, without requiring the credentials to be stored on the instance or transmitted over the network. This eliminates the risk of the credentials being compromised or exposed. Additionally, this method is the most convenient, as it requires no manual steps to set up the credentials on the instance.
upvoted 3 times
...
tomato123
2 years, 3 months ago
Selected Answer: B
I think B is correct
upvoted 2 times
...
cloud_enth0325
2 years, 6 months ago
Selected Answer: B
I'm also considering this part -- "distribute these credentials to the host instances as securely as possible" This falls under B.
upvoted 1 times
...
[Removed]
2 years, 6 months ago
Selected Answer: C
Your application requires service accounts to be authenticated to GCP products via credentials stored on its host Compute Engine virtual machine instances. The application requires the credentials to be stored on the VM instance, so I think the application code points to a file stored in the Instance.
upvoted 1 times
...
woriheck93
3 years, 2 months ago
Answer is B. https://cloud.google.com/docs/authentication/production#automatically If the environment variable GOOGLE_APPLICATION_CREDENTIALS isn't set, ADC uses the service account that is attached to the resource that is running your code.
upvoted 4 times
...
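The lookup order quoted in the comment above, turned into a host audit that reports whether ADC would fall through to the attached service account or pick up a key file stored on the VM. This is an added example, not part of the original thread or Google's code; `adc_source`, `audit` and `demo` are hypothetical names, the lookup is a simplified model of ADC (environment variable, then the gcloud well-known file, then the attached service account), and the key file is a constructed placeholder.

```python
import json
import os
import tempfile

# Well-known gcloud ADC file location on Linux/macOS, relative to the home directory.
GCLOUD_ADC = os.path.join(".config", "gcloud", "application_default_credentials.json")


def adc_source(env, home):
    """Return (source, path) that ADC would pick, in its documented order (simplified)."""
    explicit = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if explicit:
        return "env_file", explicit
    well_known = os.path.join(home, GCLOUD_ADC)
    if os.path.isfile(well_known):
        return "gcloud_file", well_known
    # Assumption: the host is a Compute Engine VM with a service account attached.
    return "attached_service_account", None


def audit(env, home):
    """Flag hosts where a long-lived service account key sits on disk."""
    source, path = adc_source(env, home)
    if path is None:
        return {"source": source, "finding": None}
    try:
        with open(path) as fh:
            cred = json.load(fh)
    except (OSError, ValueError):
        return {"source": source, "finding": "unreadable credential file: " + path}
    if cred.get("type") == "service_account" and "private_key" in cred:
        return {"source": source, "finding": "exported service account key on disk: " + path}
    return {"source": source, "finding": None}


def demo():
    """Run the audit against two constructed hosts in a temporary directory."""
    with tempfile.TemporaryDirectory() as home:
        clean = audit({}, home)
        key_path = os.path.join(home, "sa-key.json")
        with open(key_path, "w") as fh:
            # Constructed sample, not a real key.
            json.dump({"type": "service_account", "private_key": "PLACEHOLDER"}, fh)
        keyed = audit({"GOOGLE_APPLICATION_CREDENTIALS": key_path}, home)
    return clean, keyed


if __name__ == "__main__":
    for result in demo():
        print(result)
```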
syu31svc
3 years, 4 months ago
"authenticated to GCP" is the key part of the question. https://cloud.google.com/iam/docs/creating-managing-service-account-keys: "To use a service account from outside of Google Cloud, such as on other platforms or on-premises, you must first establish the identity of the service account" "You can create service account keys in JSON or PKCS#12 (P12) format." C is the answer
upvoted 2 times
syu31svc
3 years, 4 months ago
https://cloud.google.com/compute/docs/api/how-tos/authorization: "If you run applications on your Compute Engine instances, application default credentials can get credentials through built-in service accounts" Answer is B not C
upvoted 4 times
...
...
ralf_cc
3 years, 5 months ago
Only C sounds right
upvoted 1 times
...