Medium · 1 mark · Multiple Choice
GCP PCA · Question 26 · Security Design
Your application runs on GKE and needs to access a Cloud Storage bucket. You want to follow the principle of least privilege and avoid managing service account keys manually. What is the most secure way to grant the GKE pods access to the bucket?
Answer options:
A.
Export a JSON key for a Google Cloud Service Account and store it as a Kubernetes Secret.
B.
Assign the required IAM roles to the Compute Engine default service account used by the GKE nodes.
C.
Configure Workload Identity to bind a Kubernetes Service Account to a Google Cloud Service Account.
D.
Use Cloud VPN to create a secure tunnel between the GKE cluster and Cloud Storage.
How to approach this question
Identify the native GKE feature that maps Kubernetes identities to GCP IAM identities.
Full Answer
C. Configure Workload Identity to bind a Kubernetes Service Account to a Google Cloud Service Account. ✓ Correct
Workload Identity (now called Workload Identity Federation for GKE) lets a Kubernetes service account (KSA) in your cluster act as a Google Cloud service account (GSA). You grant the KSA principal (serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME]) the roles/iam.workloadIdentityUser role on the GSA, annotate the KSA with the GSA's email, and give the GSA only the bucket-level role it needs (for example roles/storage.objectViewer on the one bucket). Pods running as that KSA then obtain short-lived GSA tokens from the GKE metadata server when they call Google Cloud APIs. There is no JSON key to create, mount, rotate, or leak, and access is scoped to the specific pods that use the bound KSA rather than to everything on the node.
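The binding described above as an added worked example (not code from the original page): a shell script that builds the Workload Identity principal string, validates the Kubernetes names, and, when run with the argument `apply`, executes the gcloud and kubectl steps in the order they must happen. All project, cluster, bucket, namespace and service-account names are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): the Workload Identity
# binding for option C, as the gcloud/kubectl steps a practitioner runs.
# Every name below is a hypothetical placeholder; set your own values.
set -eu

# Build the IAM principal that GKE presents for a Kubernetes service account:
#   serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME]
# Rejects names that are not lowercase DNS labels: a typo here fails
# silently (the role grant succeeds but no pod ever matches it).
wi_member() {
  project="$1"; namespace="$2"; ksa="$3"
  for label in "$namespace" "$ksa"; do
    case "$label" in
      ''|*[!a-z0-9-]*|-*|*-) echo "invalid Kubernetes name: '$label'" >&2; return 1 ;;
    esac
  done
  printf 'serviceAccount:%s.svc.id.goog[%s/%s]\n' "$project" "$namespace" "$ksa"
}

# Email of a Google Cloud service account created in PROJECT_ID.
gsa_email() {
  printf '%s@%s.iam.gserviceaccount.com\n' "$2" "$1"
}

# The actual binding. Only executed when invoked as "./wi.sh apply";
# the functions above run anywhere, the commands below need gcloud/kubectl.
apply_workload_identity() {
  project="$1"; cluster="$2"; location="$3"; bucket="$4"
  namespace="$5"; ksa="$6"; gsa="$7"
  gsa_mail=$(gsa_email "$project" "$gsa")
  member=$(wi_member "$project" "$namespace" "$ksa")

  # 1. Enable the workload identity pool on the cluster (pre-existing node
  #    pools additionally need --workload-metadata=GKE_METADATA).
  gcloud container clusters update "$cluster" --location="$location" \
    --workload-pool="${project}.svc.id.goog"

  # 2. A dedicated GSA with only the bucket-level role it needs (least
  #    privilege), instead of the node's Compute Engine default SA (option B).
  gcloud iam service-accounts create "$gsa" --project="$project"
  gcloud storage buckets add-iam-policy-binding "gs://${bucket}" \
    --member="serviceAccount:${gsa_mail}" --role=roles/storage.objectViewer

  # 3. Allow exactly one KSA (namespace/name) to impersonate the GSA.
  gcloud iam service-accounts add-iam-policy-binding "$gsa_mail" \
    --project="$project" --role=roles/iam.workloadIdentityUser --member="$member"

  # 4. Point the KSA at the GSA; pods with serviceAccountName: $ksa now get
  #    short-lived tokens from the GKE metadata server, no JSON key anywhere.
  kubectl create serviceaccount "$ksa" --namespace "$namespace"
  kubectl annotate serviceaccount "$ksa" --namespace "$namespace" \
    "iam.gke.io/gcp-service-account=${gsa_mail}"
}

# Check from inside a pod that runs as the KSA: the metadata server should
# answer with the GSA email, not the node's default service account:
#   curl -sH 'Metadata-Flavor: Google' \
#     http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email

if [ "${1:-}" = "apply" ]; then
  apply_workload_identity my-project my-cluster us-central1 my-bucket \
    default gcs-reader gcs-reader
fi
```

The order matters: the roles/iam.workloadIdentityUser grant (step 3) is what authorizes impersonation; the annotation in step 4 only tells GKE which GSA to request a token for. If the curl check above returns the Compute Engine default service account email, the pod is not using the annotated KSA or the node pool is not serving GKE metadata.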
Common mistakes
Choosing to assign roles to the node pool's Compute Engine default service account (B), which grants the bucket access to every pod on every node, not just the application that needs it. Exporting a JSON key into a Kubernetes Secret (A) avoids nothing: the key is long-lived, must be rotated by hand, and a Secret is only base64-encoded, so anyone who can read Secrets in the namespace (or the etcd backup) holds a reusable credential. Cloud VPN (D) is a network-layer tool; it does not authenticate the pods to Cloud Storage at all.
Practice the full GCP Professional Cloud Architect Practice Exam 6