ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Database Engineer All Questions

View all questions & answers for the Professional Cloud Database Engineer exam
Go to Exam

Exam Professional Cloud Database Engineer topic 1 question 116 discussion

Actual exam question from Google's Professional Cloud Database Engineer
Question #: 116
Topic #: 1
[All Professional Cloud Database Engineer Questions]

Your organization is currently updating an existing corporate application that is running in another public cloud to access managed database services in Google Cloud. The application will remain in the other public cloud while the database is migrated to Google Cloud. You want to follow Google-recommended practices for authentication. You need to minimize user disruption during the migration. What should you do?

  • A. Use workload identity federation to impersonate a service account.
  • B. Ask existing users to set their Google password to match their corporate password.
  • C. Migrate the application to Google Cloud, and use Identity and Access Management (IAM).
  • D. Use Google Workspace Password Sync to replicate passwords into Google Cloud.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by pk349 at Dec. 24, 2022, 10:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dynamic_dba
Highly Voted 1 year, 7 months ago
A. Updating passwords represents user disruption. Eliminate B. Eliminate C for the same reason. D doesn’t make sense, leaves A. From Google’s documentation, “Traditionally, applications running outside Google Cloud can use service account keys to access Google Cloud resources. However, service account keys are powerful credentials, and can present a security risk if they are not managed correctly. With identity federation, you can use Identity and Access Management (IAM) to grant external identities IAM roles, including the ability to impersonate service accounts. This approach eliminates the maintenance and security burden associated with service account keys.” https://cloud.google.com/iam/docs/workload-identity-federation
upvoted 7 times
...
Pime13
Most Recent 5 months, 3 weeks ago
Selected Answer: A
https://cloud.google.com/iam/docs/workload-identity-federation
upvoted 1 times
...
chelbsik
1 year, 10 months ago
Selected Answer: A
With identity federation, you can use Identity and Access Management (IAM) to grant external identities IAM roles, including the ability to impersonate service accounts. This lets you access resources directly, using a short-lived access token, and eliminates the maintenance and security burden associated with service account keys.
upvoted 4 times
...
pk349
1 year, 10 months ago
A: Use workload identity ***** federation to impersonate a service account. Use identity federation to access resources from AWS, access resources from Microsoft Azure, access resources from an OIDC provider, or access resources from a SAML 2.0 provider. Learn how to manage workload identity pools using the Google Cloud CLI or the REST API.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago