GCP Associate Cloud Engineer Practice Question

Your company stores container images in a private Artifact Registry repository named backend-repo in us-central1. A GKE cluster in the same project uses Workload Identity, and Pods that reference images from backend-repo are failing with 403 "permission denied" errors when pulling the image. Following least-privilege principles, which IAM role should you grant to the Google service account mapped to the Kubernetes service account so the Pods can successfully pull images from the repository?

  • Grant the Storage Object Viewer role (roles/storage.objectViewer) to the mapped Google service account.

  • Grant the Artifact Registry Reader role (roles/artifactregistry.reader) to the mapped Google service account.

  • Grant the Artifact Registry Writer role (roles/artifactregistry.writer) to the mapped Google service account.

  • Grant the Kubernetes Engine Admin role (roles/container.admin) to the mapped Google service account.

GCP Associate Cloud Engineer
Ensuring successful operation of a cloud solution