Medium · 1 mark · Multiple Choice

GCP PCA · Question 43 · Domain 3: Designing for Security and Compliance

You need to store database passwords and API keys for your Cloud Run application. Which TWO statements correctly describe why Secret Manager is preferred over Cloud KMS for this use case? (Select TWO)

Answer options:

A. Secret Manager stores the actual payload (the password), while KMS only manages encryption keys.

B. Secret Manager supports versioning of secrets natively.

C. Secret Manager is free, while KMS is expensive.

D. Cloud KMS cannot be accessed by Cloud Run.

E. Secret Manager automatically rotates passwords in the database.

How to approach this question

Differentiate Secret Manager and KMS.

Full Answer

Secret Manager stores the actual payload (the password), while KMS only manages encryption keys. Secret Manager supports versioning of secrets natively.
Secret Manager is designed to store and version small payloads like passwords and API keys. Cloud KMS is designed to manage cryptographic keys used to encrypt data stored in other services.

Common mistakes

Thinking KMS stores the passwords.
