Practice Test 2 | Google Cloud Certified Professional Cloud Architect | Dumps | Mock Test
For this question, refer to the Mountkirk Games case study.
MountKirk Games uses Kubernetes and Google Kubernetes Engine. For the management, it is important to use an open platform, cloud-native, and without vendor lock-ins.
But they also need to use advanced APIs of GCP services and want to do it securely using standard methodologies, following Google-recommended practices but above all efficiently with maximum security.
Which of the following solutions would you recommend?
A. API keys
B. Service Accounts
C. Workload identity
D. Workload identity federation
Correct Answer: C
The preferred way to access services in a secured and authorized way is with Kubernetes service accounts, which are not the same as GCP service accounts.
With Workload Identity, you can configure a Kubernetes service account so that workloads will automatically authenticate as the corresponding Google service account when accessing GCP APIs.
Moreover, Workload Identity is the recommended way for applications in GKE to securely access GCP APIs because it lets you manage identities and authorization in a standard, secure and easy way.
- A is wrong because API keys offer minimal security and no authorization, just identification.
- B is wrong because GCP Service Accounts are GCP proprietary. Kubernetes is open and works with Kubernetes service accounts.
- D is wrong because Workload identity federation is useful when you have an external identity provider such as Amazon Web Services (AWS), Azure Active Directory (AD), or an OIDC-compatible provider.
For any further detail:
Comments are closed, but trackbacks and pingbacks are open.