ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Developer All Questions

View all questions & answers for the Professional Cloud Developer exam
Go to Exam

Exam Professional Cloud Developer topic 1 question 214 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 214
Topic #: 1
[All Professional Cloud Developer Questions]

You are a developer at a large organization. You have an application written in Go running in a production Google Kubernetes Engine (GKE) cluster. You need to add a new feature that requires access to BigQuery. You want to grant BigQuery access to your GKE cluster following Google-recommended best practices. What should you do?

  • A. Create a Google service account with BigQuery access. Add the JSON key to Secret Manager, and use the Go client library to access the JSON key.
  • B. Create a Google service account with BigQuery access. Add the Google service account JSON key as a Kubernetes secret, and configure the application to use this secret.
  • C. Create a Google service account with BigQuery access. Add the Google service account JSON key to Secret Manager, and use an init container to access the secret for the application to use.
  • D. Create a Google service account and a Kubernetes service account. Configure Workload Identity on the GKE cluster, and reference the Kubernetes service account on the application Deployment.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by melisargh at Dec. 12, 2022, 5:20 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SpecialEdition
5 months, 2 weeks ago
Option D doesn't say Service Account has BigQuery access. How is it correct?
upvoted 1 times
...
alpha_canary
1 year ago
Selected Answer: D
"Applications running on GKE might need access to Google Cloud APIs such as Compute Engine API, BigQuery Storage API, or Machine Learning APIs." https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#what_is
upvoted 1 times
...
Pime13
2 years, 2 months ago
Selected Answer: D
Workload Identity allows a Kubernetes service account in your GKE cluster to act as an IAM service account. Pods that use the configured Kubernetes service account automatically authenticate as the IAM service account when accessing Google Cloud APIs. Using Workload Identity allows you to assign distinct, fine-grained identities and authorization for each application in your cluster. https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#what_is
upvoted 1 times
...
telp
2 years, 3 months ago
Selected Answer: D
The answer is D because the best pratice is to use workload identity https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#what_is
upvoted 1 times
...
TNT87
2 years, 3 months ago
https://cloud.google.com/kubernetes-engine/docs/quickstarts/deploy-app-container-image#deploying_to_gke
upvoted 1 times
...
TNT87
2 years, 3 months ago
Selected Answer: D
https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#what_is Answer D
upvoted 1 times
...
sharath25
2 years, 4 months ago
Selected Answer: D
option D
upvoted 1 times
...
jcataluna
2 years, 4 months ago
Selected Answer: D
a go???? no!! D is correct
upvoted 1 times
...
zellck
2 years, 4 months ago
Selected Answer: D
D is the answer. https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#what_is Applications running on GKE might need access to Google Cloud APIs such as Compute Engine API, BigQuery Storage API, or Machine Learning APIs. Workload Identity allows a Kubernetes service account in your GKE cluster to act as an IAM service account. Pods that use the configured Kubernetes service account automatically authenticate as the IAM service account when accessing Google Cloud APIs. Using Workload Identity allows you to assign distinct, fine-grained identities and authorization for each application in your cluster.
upvoted 1 times
...
melisargh
2 years, 4 months ago
Selected Answer: A
vote A because the type of auth supported by bq and the recommended way of auth which is use go libraries https://cloud.google.com/bigquery/docs/authorization https://pkg.go.dev/golang.org/x/oauth2/google?utm_source=cloud.google.com&utm_medium=referral#JWTAccessTokenSourceFromJSON
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago