PROFESSIONAL-CLOUD-ARCHITECT · Question #366
PROFESSIONAL-CLOUD-ARCHITECT Question #366: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-CLOUD-ARCHITECT to reveal the answer and full explanation for question #366. The question stem and answer options stay visible for context.
Question
You are designing a central, automated infrastructure deployment process for your organization using Terraform and Cloud Build. The security team prohibits the use of long-lived, static service account keys in any CI/CD pipeline. Additionally, while developers can propose infrastructure changes for peer review, they must not have permissions to directly apply changes in the production project. You need to design a secure and automated workflow for applying Terraform changes that meets the security team's requirements and ensures proper governance. What should you do?
Options
- AConfigure the Cloud Build pipeline to use service account impersonation. Set up a trigger that
- BUse service account impersonation in Cloud Build. Configure the pipeline to run terraform plan on
- CConfigure the pipeline to only run terraform plan. After a pull request is approved, have an
- DCreate a privileged service account and store its JSON key in Secret Manager. Configure the
Unlock PROFESSIONAL-CLOUD-ARCHITECT to see the answer
You've previewed enough free PROFESSIONAL-CLOUD-ARCHITECT questions. Unlock PROFESSIONAL-CLOUD-ARCHITECT for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.