For Individuals For Educators

ExpertMinds

Ace your certifications with Practice Exams and AI assistance.

Browse Exams
For Educators
Blog

Privacy Policy
Terms of Service
Cookie Policy
Support

AWS SAA Exam Prep
PMI PMP Exam Prep
CPA Exam Prep
GCP PCA Exam Prep

Practice GCP Professional Cloud Architect GCP Professional Cloud Architect Practice Exam 2Question 26

Medium1 markMultiple Choice

Domain 2: Managing and Provisioning a Solution InfrastructureGKESecurityIAM

GCP PCA · Question 26 · Domain 2: Managing and Provisioning a Solution Infrastructure

A pod running in GKE needs to access a Cloud Storage bucket. You want to follow the principle of least privilege and avoid managing service account keys manually. What is the recommended approach?

Answer options:

Export a JSON key and store it in a Kubernetes Secret.

Assign the required IAM role to the GKE Node's underlying Compute Engine service account.

Use Workload Identity to bind a Kubernetes Service Account to a Google Service Account.

Make the Cloud Storage bucket public.

How to approach this question

Identify the modern way to grant GCP permissions to GKE pods.

Full Answer

C.Use Workload Identity to bind a Kubernetes Service Account to a Google Service Account.✓ Correct

Use Workload Identity to bind a Kubernetes Service Account to a Google Service Account.

Workload Identity is the recommended way to access Google Cloud services from applications running within GKE, allowing pod-level granularity without managing JSON keys.

Common mistakes

Using the node service account, which grants permissions to all pods on that node.

Question 25 All questions Question 27

Practice the full GCP Professional Cloud Architect Practice Exam 2

50 questions · hints · full answers · grading

More questions from this exam

Q01CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Medium Q02CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Medium Q03CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Hard Q04CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Medium Q05CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Easy

View all 50 questions →