PROFESSIONAL-CLOUD-DEVOPS-ENGINEER Question #188: Real Exam Question with Answer & Explanation
The correct answer is C: 1. Create a Google service account.
Question
You are designing a new multi-tenant Google Kubernetes Engine (GKE) cluster for a customer. Your customer is concerned with the risks associated with long-lived credentials use. The customer requires that each GKE workload has the minimum Identity and Access Management (IAM) permissions set following the principle of least privilege (PoLP). You need to design an IAM impersonation solution while following Google-recommended practices. What should you do?
Options
- A. 1. Create a Google service account.
- B. 1. Create a Google service account.
- C. 1. Create a Google service account.
- D. 1. Create a Google service account.
Explanation
Workload Identity allows GKE workloads to access Google Cloud resources securely without long-lived credentials. It lets a Kubernetes service account act as a Google service account, following the principle of least privilege. By binding the Google service account to the Kubernetes service account and granting only the IAM permissions that workload requires, you ensure that each workload has exactly the permissions it needs to function, minimizing the security risks associated with credential management. This approach also removes the need to create, distribute and rotate service account keys, which are themselves a security concern.