PROFESSIONAL-CLOUD-DEVELOPER · Question #188
PROFESSIONAL-CLOUD-DEVELOPER Question #188: Real Exam Question with Answer & Explanation
The correct answer is D: Store the credentials as a Kubernetes Secret, and use the Cloud Key Management Service plugin.
Question
You are developing an application that consists of several microservices running in a Google Kubernetes Engine cluster. One microservice needs to connect to a third-party database running on-premises. You need to store credentials to the database and ensure that these credentials can be rotated while following security best practices. What should you do?
Options
- A. Store the credentials in a sidecar container proxy, and use it to connect to the third-party
- B. Configure a service mesh to allow or restrict traffic from the Pods in your microservice to the
- C. Store the credentials in an encrypted volume mount, and associate a Persistent Volume Claim
- D. Store the credentials as a Kubernetes Secret, and use the Cloud Key Management Service plugin
Explanation
Reference: https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets
By default, Google Kubernetes Engine (GKE) encrypts customer content stored at rest, including Secrets. GKE handles and manages this default encryption for you without any additional action. Application-layer secrets encryption provides an additional layer of security for sensitive data, such as Secrets, stored in etcd. Using this functionality, you can use a key managed with Cloud KMS to encrypt data at the application layer. This encryption protects against attackers who gain access to an offline copy of etcd.