GCP Professional Cloud Architect Practice Question

Your organization runs hundreds of microservices on GKE that need to read and write to Cloud Storage and BigQuery. Today each service includes an API key compiled into the container image, which security teams flagged as non-compliant. You must redesign authentication to meet Google Cloud best practices for server-to-server access while minimizing operational overhead and avoiding long-lived secrets in containers. What should you do?

  • Enable Workload Identity and bind each Kubernetes service account to a Google Cloud service account so pods obtain short-lived OAuth 2.0 tokens automatically at runtime.

  • Create a single shared service account, generate a JSON key file, and bake the key into all container images for authentication.

  • Store the existing API keys in Kubernetes ConfigMaps and inject them into pods as environment variables during deployment.

  • Implement the installed-application OAuth 2.0 flow and persist the resulting refresh token on each pod's filesystem for reuse.
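The Workload Identity design in the first option, written out as Kubernetes manifests with the one-time `gcloud` setup steps as comments. This is an added example, not material from the practice question or from Google's documentation; the project ID `my-project`, cluster `prod-gke`, namespace `payments`, Kubernetes service account `orders-ksa` and Google service account `orders-gsa` are assumed names.

```yaml
# One-time setup (run once per cluster / per service), assumed names:
#
#   # 1. Enable the workload identity pool on the cluster and GKE metadata on the node pool.
#   gcloud container clusters update prod-gke --zone us-central1-a \
#       --workload-pool=my-project.svc.id.goog
#   gcloud container node-pools update default-pool --cluster prod-gke --zone us-central1-a \
#       --workload-metadata=GKE_METADATA
#
#   # 2. Create the Google service account and grant only the roles this service needs
#   #    (least privilege: no project-wide Editor, no Owner).
#   gcloud iam service-accounts create orders-gsa --project=my-project
#   gcloud projects add-iam-policy-binding my-project \
#       --member="serviceAccount:orders-gsa@my-project.iam.gserviceaccount.com" \
#       --role="roles/storage.objectUser"
#   gcloud projects add-iam-policy-binding my-project \
#       --member="serviceAccount:orders-gsa@my-project.iam.gserviceaccount.com" \
#       --role="roles/bigquery.dataEditor"
#
#   # 3. Allow exactly one KSA (namespace/name) to impersonate the GSA. No key file is ever created.
#   gcloud iam service-accounts add-iam-policy-binding \
#       orders-gsa@my-project.iam.gserviceaccount.com \
#       --role="roles/iam.workloadIdentityUser" \
#       --member="serviceAccount:my-project.svc.id.goog[payments/orders-ksa]"
#
# The manifests below complete the binding from the Kubernetes side.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: orders-ksa
  namespace: payments
  annotations:
    # This annotation is the Kubernetes half of the binding; it must match the
    # member granted roles/iam.workloadIdentityUser above or tokens are refused.
    iam.gke.io/gcp-service-account: orders-gsa@my-project.iam.gserviceaccount.com
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: orders
  namespace: payments
spec:
  replicas: 2
  selector:
    matchLabels:
      app: orders
  template:
    metadata:
      labels:
        app: orders
    spec:
      # Pods run as the annotated KSA. Client libraries (Application Default
      # Credentials) fetch short-lived OAuth 2.0 access tokens from the GKE
      # metadata server; nothing long-lived is mounted or baked into the image.
      serviceAccountName: orders-ksa
      containers:
        - name: orders
          image: us-docker.pkg.dev/my-project/apps/orders:1.4.2   # assumed image
          env:
            # Do NOT set GOOGLE_APPLICATION_CREDENTIALS to a key file; leaving it
            # unset makes ADC use the metadata server.
            - name: GOOGLE_CLOUD_PROJECT
              value: my-project
```

To confirm the binding from inside a running pod, query the metadata server for the identity the pod is acting as; it should report the Google service account, not the node's default account:

`curl -sH "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email`

If it returns the node service account, the KSA annotation and the `workloadIdentityUser` member string do not match exactly (namespace and name are both significant). The other options fail the stated requirements: a JSON key baked into images (option 2) and API keys in ConfigMaps (option 3) are both long-lived secrets shipped with the container, ConfigMaps are not even a secret store, and the installed-application flow (option 4) is for user-facing desktop/CLI apps, not server-to-server access.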
