Practice Test 4 | Google Cloud Certified Professional Cloud Architect | Dumps | Mock Test

Your team has created a set of applications that will run in GKE Clusters. IT Management wants to activate and standardize a simple but effective security system. You have prepared a list of possibilities and features that you can use. You realize that some choices must be discarded because they are not safe enough or even wrong.

Which solutions would you recommend? (Select 3)

A. In the cluster, the nodes will be assigned internal RFC 1918 IP addresses only
B. Use Service Accounts and store keys in Configuration Files
C. In the cluster, you have to assign public IP addresses to the Master nodes
D. Use Service Accounts and store the keys as a Kubernetes secret
E. Use Workload Identity

Correct Answers: A, D, E

A is correct. This is the most advisable approach: build private clusters, which can use an HTTP(S), internal, or network load balancer to accept incoming traffic.

B is wrong. You have to use Service Accounts, but you must not expose keys in clear text inside Configuration Files.

C is wrong. It is always possible to use private clusters, which can use an HTTP(S), internal, or network load balancer to accept incoming traffic.

D is correct. It is the basic way to go, but now there is a better way: Workload Identity.

E is correct. It is the new security method: once you configure the relationship between a Kubernetes service account and a Google service account, any workload running as the Kubernetes service account automatically authenticates as the Google service account while accessing Google Cloud APIs.

Workload Identity is the new way for GKE applications to authenticate and consume other Google Cloud services.

It works by creating a relationship between Kubernetes service accounts and Cloud IAM service accounts, so you can use Kubernetes-native concepts to define which workloads run as which identities, and permit your workloads to automatically access other Google Cloud services, all without having to manage Kubernetes secrets or IAM service account keys.
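The relationship described above has two halves: an annotation on the Kubernetes service account naming the Google service account, and an IAM binding on the Google service account that admits that Kubernetes service account. The Python check below is an added example, not part of the original question or of Google's tooling; the project, namespace and account names are constructed, and the inputs assume the JSON shapes returned by `kubectl get serviceaccount -o json` and `gcloud iam service-accounts get-iam-policy --format=json`.

```python
# Added example: offline check that both halves of a Workload Identity
# relationship exist. All names below are constructed sample values.
WI_ROLE = "roles/iam.workloadIdentityUser"
ANNOTATION = "iam.gke.io/gcp-service-account"

def expected_member(project_id, namespace, ksa_name):
    """IAM member string that represents a Kubernetes service account."""
    return f"serviceAccount:{project_id}.svc.id.goog[{namespace}/{ksa_name}]"

def check_binding(project_id, ksa, gsa_policies):
    """Return a list of problems; an empty list means the link is complete."""
    meta = ksa["metadata"]
    ns, name = meta.get("namespace", "default"), meta["name"]
    gsa = (meta.get("annotations") or {}).get(ANNOTATION)
    if not gsa:
        return [f"{ns}/{name}: missing {ANNOTATION} annotation"]
    policy = gsa_policies.get(gsa)
    if policy is None:
        return [f"{ns}/{name}: no IAM policy available for {gsa}"]
    member = expected_member(project_id, ns, name)
    for binding in policy.get("bindings", []):
        if binding.get("role") == WI_ROLE and member in binding.get("members", []):
            return []
    return [f"{ns}/{name}: {gsa} does not grant {WI_ROLE} to {member}"]

# Constructed inputs: one complete link, one KSA in a namespace the IAM
# binding does not cover, and one KSA with no annotation at all.
PROJECT = "example-project"
GSA = "orders-gsa@example-project.iam.gserviceaccount.com"
KSA_OK = {"metadata": {"name": "orders-ksa", "namespace": "shop",
                       "annotations": {ANNOTATION: GSA}}}
KSA_OTHER_NS = {"metadata": {"name": "orders-ksa", "namespace": "staging",
                             "annotations": {ANNOTATION: GSA}}}
KSA_NO_ANNOTATION = {"metadata": {"name": "batch-ksa", "namespace": "shop"}}
POLICIES = {GSA: {"bindings": [{
    "role": WI_ROLE,
    "members": ["serviceAccount:example-project.svc.id.goog[shop/orders-ksa]"],
}]}}

if __name__ == "__main__":
    for ksa in (KSA_OK, KSA_OTHER_NS, KSA_NO_ANNOTATION):
        print(check_binding(PROJECT, ksa, POLICIES) or "ok")
```

The `staging` case shows that the annotation alone grants nothing: the IAM binding is scoped to one namespace and service account name, so a same-named account elsewhere is not admitted.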

For any further detail, please refer to the URLs below:

https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

https://cloud.google.com/kubernetes-engine/docs/concepts/security-overview

https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform
