Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Database Engineer All Questions

View all questions & answers for the Professional Cloud Database Engineer exam
Go to Exam

Exam Professional Cloud Database Engineer topic 1 question 71 discussion

Actual exam question from Google's Professional Cloud Database Engineer
Question #: 71
Topic #: 1
[All Professional Cloud Database Engineer Questions]

Your organization has a busy transactional Cloud SQL for MySQL instance. Your analytics team needs access to the data so they can build monthly sales reports. You need to provide data access to the analytics team without adversely affecting performance. What should you do?

  • A. Create a read replica of the database, provide the database IP address, username, and password to the analytics team, and grant read access to required tables to the team.
  • B. Create a read replica of the database, enable the cloudsql.iam_authentication flag on the replica, and grant read access to required tables to the analytics team.
  • C. Enable the cloudsql.iam_authentication flag on the primary database instance, and grant read access to required tables to the analytics team.
  • D. Provide the database IP address, username, and password of the primary database instance to the analytics, team, and grant read access to required tables to the team.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by pk349 at Dec. 24, 2022, 11:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
halol
3 months, 3 weeks ago
I'll go with A, since in IAM I can't grant access on specific table It's Role access (admin,client,editor,..etc)
upvoted 1 times
...
juliorevk
1 year, 1 month ago
Selected Answer: B
B because while both A and B work, B seems more native and secure since you aren't passing around database authentication passwords. You can also better manage the authentication through Google groups since you're using IAM.
upvoted 4 times
...
learnazureportal
1 year, 2 months ago
B is the correct answer. Option A could work in some scenarios but has some drawbacks.
upvoted 1 times
...
DBAgain
1 year, 4 months ago
Selected Answer: A
IAM auth is useful if the consuming analytics solution also integrates with IAM, but nothing in the question stated or suggested that. Therefore I vote for A.
upvoted 1 times
...
blathul
1 year, 5 months ago
Selected Answer: B
B offers a balance between providing data access to the analytics team and maintaining the performance of the busy transactional Cloud SQL instance.
upvoted 2 times
...
Nirca
1 year, 8 months ago
Selected Answer: B
You can enable IAM database authentication on an instance using the cloudsql.iam_authentication flag. Once you enable this flag, the instance enables logins from accounts that are configured for IAM database authentication.
upvoted 2 times
...
leroygordo
1 year, 8 months ago
Selected Answer: B
"Read replicas do not have the cloudsql.iam_authentication flag enabled automatically when it is enabled on the primary instance." https://cloud.google.com/sql/docs/postgres/replication/create-replica#configure_iam_replicas
upvoted 3 times
leroygordo
1 year, 8 months ago
Here the documentation for MySQL https://cloud.google.com/sql/docs/mysql/replication/create-replica
upvoted 1 times
...
...
Ayush9596
1 year, 9 months ago
Selected Answer: B
I think its B
upvoted 2 times
...
JayGeotab
1 year, 10 months ago
Selected Answer: A
B will still need grant database privileges to the IAM user where A we can assume they use built-in database authentication and database privileges are already granted
upvoted 4 times
...
sp57
1 year, 11 months ago
I think B a trick answer and we're being directed to Cloud SQL built-in database authentication . per link "When using IAM authentication, permission to access a resource (a Cloud SQL instance) isn't granted directly to the end user. Instead, permissions are grouped into roles, and roles are granted to principals." and "Roles. For IAM database authentication, a user requires the cloudsql.instances.login permission to log in to an instance. To get this permission, you bind the user or service account to either the predefined Cloud SQL Instance User role or a custom role that bundles the permission. "
upvoted 1 times
sp57
1 year, 11 months ago
from Cloud Sql Built In Authentication page... "Although IAM database authentication is more secure and reliable, you might prefer to use built-in authentication or a hybrid authentication model that includes both authentication types. You might create and manage local database users locally within a database to allow specific persons or applications to access a database. Such database users own the objects they create in the database. Cloud SQL offers strong built-in password enforcement. You can define and enable such enforcement through password policies." https://cloud.google.com/sql/docs/mysql/built-in-authentication Hence, vote for A
upvoted 1 times
sp57
1 year, 11 months ago
There are other steps required for iam authentication that are left out of B, supporting contention this is wrong (1) iam user has to be added to instance, (2) iam user granted access seel link https://cloud.google.com/sql/docs/mysql/add-manage-iam-users#creating-a-database-user
upvoted 1 times
...
...
...
chelbsik
1 year, 11 months ago
Selected Answer: B
https://cloud.google.com/sql/docs/mysql/authentication#instance_configuration_for
upvoted 2 times
...
pk349
1 year, 11 months ago
You can enable IAM database authentication on an instance using the cloudsql.iam_authentication flag. Once you enable this flag, the instance enables logins from accounts that are configured for IAM database authentication. Cloud SQL IAM database authentication for different instance scenarios Read replicas IAM database authentication is not enabled in a read replica automatically, even when it is enabled on the primary instance. After you create a read replica, you need to add IAM database authentication. For more information, see Configuring read replica logins for IAM database authentication.
upvoted 1 times
...
pk349
1 year, 11 months ago
B: Create a ***** read replica of the database, enable the ***** cloudsql.iam_authentication flag on the replica, and grant read access to required tables to the analytics team.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel