Google Exam Associate Cloud Engineer Topic 1 Question 98 Discussion

Actual exam question for Google's Associate Cloud Engineer exam

Question #: 98
Topic #: 1

[All Associate Cloud Engineer Questions]

You are using Container Registry to centrally store your company's container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

AIn the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

BWhen you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.

CCreate a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

DConfigure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Show Suggested Answer

Suggested Answer: D

by Edna at Nov 12, 2024, 10:59 PM

Limited Time Offer

25%

Off

Get Premium Associate Cloud Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Felix

2 months ago

I hear the Cloud Storage team is offering a special 'Kubernetes Delivery' service. You just have to leave a trail of breadcrumbs for the cluster to follow.

upvoted 0 times

Gennie

8 days ago

C) Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

upvoted 0 times

...

Jesus

15 days ago

B) When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.

upvoted 0 times

...

Elza

22 days ago

A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

upvoted 0 times

...

Chu

2 months ago

Configuring ACLs on each image? Ain't nobody got time for that! I'm going with the easy button.

upvoted 0 times

...

Sanda

2 months ago

Creating a custom service account with a P12 key sounds a bit complicated. I'd prefer a simpler solution if possible.

upvoted 0 times

Linsey

1 months ago

D) Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

upvoted 0 times

...

Shay

1 months ago

B) When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.

upvoted 0 times

...

Latosha

1 months ago

A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

upvoted 0 times

...

Kayleigh

1 months ago

A) That sounds like a simpler solution. Granting the Storage Object Viewer IAM role seems easier.

upvoted 0 times

...

Terry

2 months ago

C) Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

upvoted 0 times

...

Ernie

2 months ago

A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

upvoted 0 times

...

Destiny

2 months ago

But granting the Storage Object Viewer IAM role seems more secure to me.

upvoted 0 times

...

Eden

2 months ago

I'm not a fan of the 'Allow full access to all Cloud APIs' option. That's way too broad and a security risk. Let's go with something more specific.

upvoted 0 times

...

Lai

2 months ago

Option A seems like the logical choice. Granting the Storage Object Viewer role to the Kubernetes node service account should allow the cluster to download images from the registry.

upvoted 0 times

...

Zoila

2 months ago

I disagree, I believe the answer is C.

upvoted 0 times

...

Destiny

3 months ago

I think the correct answer is A.

upvoted 0 times

...