Exam Professional Cloud Developer topic 1 question 148 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 148
Topic #: 1

You are developing a microservice-based application that will run on Google Kubernetes Engine (GKE). Some of the services need to access different Google Cloud APIs. How should you set up authentication of these services in the cluster following Google-recommended best practices? (Choose two.)

  • A. Use the service account attached to the GKE node.
  • B. Enable Workload Identity in the cluster via the gcloud command-line tool.
  • C. Access the Google service account keys from a secret management service.
  • D. Store the Google service account keys in a central secret management service.
  • E. Use gcloud to bind the Kubernetes service account and the Google service account using roles/iam.workloadIdentity.
Suggested Answer: BE

Comments

__rajan__
7 months, 1 week ago
Selected Answer: BE
BE is correct.
upvoted 1 times
...
purushi
8 months, 3 weeks ago
Selected Answer: BE
I go with B and E. They are almost the same.
upvoted 1 times
...
Pime13
1 year, 2 months ago
Selected Answer: BE
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
upvoted 1 times
...
telp
1 year, 3 months ago
Selected Answer: BE
A is incorrect. While it could work, all the services are using the same service account, there is no separation of permissions, and no detailed logging.
B and E together connect GKE and Google service accounts, so GKE can authenticate a service with a Google service account.
C is incorrect. While this is feasible, it's not the recommended practice for workload identity because of the mandatory key rotation of the service accounts.
D is incorrect. While this is feasible, it's not the recommended practice for workload identity because of the mandatory key rotation of the service accounts.
E and B together connect GKE and Google service accounts, so GKE can authenticate a service with a Google service account.
upvoted 2 times
...
TNT87
1 year, 4 months ago
https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform#use_workload_identity Answer B
https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts Answer E
upvoted 2 times
...
zellck
1 year, 4 months ago
Selected Answer: BE
BE is the answer. https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
upvoted 2 times
...
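
Options B and E from the question, written out as the commands they refer to, with one Kubernetes and one Google service account per microservice. This is an added example, not part of the original discussion; the project, cluster, region, node pool, namespace and account names are constructed, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: per-service Workload Identity wiring on GKE.
# Every name below is a constructed placeholder, not a value from the page.
PROJECT="example-project"
CLUSTER="example-cluster"
REGION="us-central1"
NODE_POOL="default-pool"
NAMESPACE="shop"
# One Kubernetes SA (KSA) and one Google SA (GSA) per microservice, "<ksa>:<gsa>",
# so each service gets its own permissions and its own audit trail.
SERVICES="orders-ksa:orders-gsa billing-ksa:billing-gsa"

# Workload pool name of a project.
wi_pool() { printf '%s.svc.id.goog' "$1"; }
# IAM member string that identifies one KSA: project, namespace, KSA name.
wi_member() { printf 'serviceAccount:%s[%s/%s]' "$(wi_pool "$1")" "$2" "$3"; }
# E-mail address of a GSA: account name, project.
gsa_email() { printf '%s@%s.iam.gserviceaccount.com' "$1" "$2"; }

# Dry run by default: print the command; execute it only when APPLY=1.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

wi_plan() {
  # Option B: enable Workload Identity on the cluster.
  run gcloud container clusters update "$CLUSTER" --region "$REGION" \
    --workload-pool="$(wi_pool "$PROJECT")"
  # Existing node pools need the GKE metadata server enabled separately.
  run gcloud container node-pools update "$NODE_POOL" --cluster "$CLUSTER" \
    --region "$REGION" --workload-metadata=GKE_METADATA
  for pair in $SERVICES; do
    ksa=${pair%%:*}
    gsa=${pair##*:}
    email=$(gsa_email "$gsa" "$PROJECT")
    # Option E: allow this KSA, and only this KSA, to act as the GSA.
    # The full IAM role ID is roles/iam.workloadIdentityUser.
    run gcloud iam service-accounts add-iam-policy-binding "$email" \
      --role roles/iam.workloadIdentityUser \
      --member "$(wi_member "$PROJECT" "$NAMESPACE" "$ksa")"
    # Annotate the KSA so pods running as it are mapped to the GSA.
    run kubectl annotate serviceaccount "$ksa" --namespace "$NAMESPACE" \
      "iam.gke.io/gcp-service-account=$email"
  done
}

wi_plan
```

Each pod then selects its identity through `serviceAccountName` in its spec, and no service account key file is created or stored anywhere.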