Practice Test 1 | Google Cloud Certified Professional Cloud DevOps Engineer | Dumps | Mock Test
You are developing a mobile application for a financial institution. A key security requirement is that application passwords are changed frequently. The application will comprise two parts; the frontend deployed on Google Kubernetes Engine and the database is Google Cloud SQL. You need a secure way to pass the database credentials to the application at runtime and also meet the security requirement.
How can you achieve this following best practice?
A. Store the credentials in the application code and update it as needed by releasing new versions/updates to the application.
B. Use the CI/CD pipeline to inject the credentials into the application at deployment
C. Create a secret via the console and configure secret rotation. Store the credentials in the secret. Configure the application to get the credentials from Secrets Manager using secret versions and update the secret version used by the application after every rotation and disable previous versions.
D. Create a secret via the CLI and configure secret rotation. Store the credentials in the secret, Configure the application to get the credentials from Secrets Manager using secret versions and update the secret version used by the application after every rotation and disable previous versions.
Correct Answer: D
- Options A and B are incorrect. These do not follow best practice. Storing credentials in the application is not recommended and also injecting the credentials into the application is also not recommended because that means the credentials gets stored in the application code.
- Option C is incorrect. You currently cannot configure secret rotation via the console.
- Option D is CORRECT. Secrets rotation policies can only be done through the API or gcloud commands
Reference:
Comments are closed, but trackbacks and pingbacks are open.