GCP Professional Cloud Architect Practice Question
Your company is migrating its microservice application to Google Kubernetes Engine (GKE). Operations teams complain about frequent configuration drift between development, staging, and production clusters because releases are applied manually using kubectl. Security policy mandates that production service-account keys must never be stored in CI/CD systems, and every change must be auditable and reproducible from version control. Which deployment approach best meets these requirements while reducing manual effort?
Define cluster changes in Cloud Deployment Manager templates and trigger an on-prem Jenkins server to run gcloud container commands with stored admin credentials whenever a change is merged.
Use Cloud Build to build and sign container images, push them to Artifact Registry, and have Config Sync in each GKE cluster automatically pull and apply version-controlled manifests from a central Git repository using Workload Identity.
Configure a Cloud Build step that SSHes into each cluster master through master authorized networks and applies manifests stored in Cloud Storage, with the production kubeconfig retrieved from Secret Manager.
Schedule cron jobs on a bastion VM that periodically executes kubectl apply against each environment using manifests copied from Cloud Storage.
Using Cloud Build to create signed container images and push them to Artifact Registry automates the build stage. When each cluster runs Anthos Config Management's Config Sync, the desired Kubernetes manifests are pulled from a Git repository and applied declaratively. This GitOps pattern makes every change traceable to a commit, removes the need for ad-hoc kubectl executions, and, with GKE Workload Identity, avoids embedding long-lived production credentials in the CI pipeline. The other approaches either continue to rely on manual or scripted kubectl commands, store cluster credentials in external systems, or use tools (Deployment Manager, cron jobs, SSH) that do not provide continuous, version-controlled synchronization, so they cannot guarantee consistency, auditability, or key-less operation across environments.
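A sketch of the per-cluster Config Sync object that the explanation describes, added here as an illustration and not part of the original question. PROJECT_ID, the repository name, the directory layout and the service-account name are placeholders, and it assumes the Git repository is hosted where a Google service account can authenticate (for example Cloud Source Repositories).

```yaml
# Constructed example: PROJECT_ID, repo, dir and account names are placeholders.
apiVersion: configsync.gke.io/v1beta1
kind: RootSync
metadata:
  name: root-sync
  namespace: config-management-system
spec:
  sourceFormat: unstructured
  git:
    repo: https://source.developers.google.com/p/PROJECT_ID/r/cluster-config
    branch: main
    # One directory per environment; dev and staging clusters carry the same
    # object with dir set to their own path, so drift shows up as a Git diff.
    dir: clusters/prod
    # Workload Identity: the reconciler pod exchanges its Kubernetes identity
    # for short-lived Google credentials. No key file or token is stored in
    # the cluster, in CI, or in the repository.
    auth: gcpserviceaccount
    gcpServiceAccountEmail: config-sync-reader@PROJECT_ID.iam.gserviceaccount.com
    # To avoid for production under the stated policy: a long-lived credential
    # held in a Secret and provisioned by an external system, e.g.
    #   auth: token
    #   secretRef:
    #     name: git-creds

# Prerequisite outside this manifest: the Kubernetes service account
# config-management-system/root-reconciler must hold
# roles/iam.workloadIdentityUser on the Google service account above, and that
# Google service account needs read-only access to the repository.
```

The cluster pulls from Git, so the CI system only needs permission to build, sign and push images and to merge commits; it never holds credentials for the production API server.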
GCP Professional Cloud Architect
Ensuring solution and operations excellence