New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Associate Cloud Engineer Exam - Topic 1 Question 98 Discussion

Actual exam question for Google's Associate Cloud Engineer exam
Question #: 98
Topic #: 1
[All Associate Cloud Engineer Questions]

You are using Container Registry to centrally store your company's container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Edna at Nov 12, 2024, 10:59 PM

Limited Time Offer

25%

Off

Get Premium Associate Cloud Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Elenora
3 months ago
A is definitely the simplest and most effective solution!
upvoted 0 times
...
Candida
3 months ago
D is a bit outdated, ACLs aren't the best practice anymore.
upvoted 0 times
...
Shantay
3 months ago
Wait, isn't C too complicated for just pulling images?
upvoted 0 times
...
Ashley
4 months ago
I disagree, B seems better for full access to APIs.
upvoted 0 times
...
Shad
4 months ago
A is the right choice! Granting the Storage Object Viewer role is key.
upvoted 0 times
...
Iluminada
4 months ago
Option D seems off to me. I don't recall needing to configure ACLs for each image; it feels like there's a simpler way to handle access.
upvoted 0 times
...
Ngoc
4 months ago
I feel like option C is a bit complicated with the service account and P12 key. We didn't really cover that in depth, did we?
upvoted 0 times
...
Eliseo
4 months ago
I'm not entirely sure, but I remember something about access scopes in GKE. Maybe option B is the right choice?
upvoted 0 times
...
Annmarie
5 months ago
I think option A sounds familiar since we discussed IAM roles and permissions for accessing resources in our last practice session.
upvoted 0 times
...
Lavonne
5 months ago
This is a tricky one. I'm not sure if I fully understand the difference between the node service account and the default Compute Engine service account. I'll need to do some research on how Kubernetes and GCP handle service accounts and permissions.
upvoted 0 times
...
Veta
5 months ago
Okay, I've got a strategy for this. I'll focus on the least-privileged approach that still allows the GKE cluster to access the container images. I think option A is the way to go - granting the Storage Object Viewer role to the node service account.
upvoted 0 times
...
Sue
5 months ago
Hmm, I'm a bit confused about the different service accounts and permissions involved here. I'll need to carefully read through the options and think through the security implications of each approach.
upvoted 0 times
...
Daniel
5 months ago
This seems like a straightforward question about setting up access between a GKE cluster and a Container Registry. I think the key is to grant the appropriate IAM role to the service account used by the Kubernetes nodes.
upvoted 0 times
...
Felix
10 months ago
I hear the Cloud Storage team is offering a special 'Kubernetes Delivery' service. You just have to leave a trail of breadcrumbs for the cluster to follow.
upvoted 0 times
Gennie
9 months ago
C) Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
upvoted 0 times
...
Jesus
9 months ago
B) When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
upvoted 0 times
...
Elza
9 months ago
A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
upvoted 0 times
...
...
Chu
10 months ago
Configuring ACLs on each image? Ain't nobody got time for that! I'm going with the easy button.
upvoted 0 times
...
Sanda
11 months ago
Creating a custom service account with a P12 key sounds a bit complicated. I'd prefer a simpler solution if possible.
upvoted 0 times
Linsey
9 months ago
D) Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.
upvoted 0 times
...
Shay
10 months ago
B) When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
upvoted 0 times
...
Latosha
10 months ago
A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
upvoted 0 times
...
Kayleigh
10 months ago
A) That sounds like a simpler solution. Granting the Storage Object Viewer IAM role seems easier.
upvoted 0 times
...
Terry
10 months ago
C) Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
upvoted 0 times
...
Ernie
10 months ago
A) In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
upvoted 0 times
...
...
Destiny
11 months ago
But granting the Storage Object Viewer IAM role seems more secure to me.
upvoted 0 times
...
Eden
11 months ago
I'm not a fan of the 'Allow full access to all Cloud APIs' option. That's way too broad and a security risk. Let's go with something more specific.
upvoted 0 times
...
Lai
11 months ago
Option A seems like the logical choice. Granting the Storage Object Viewer role to the Kubernetes node service account should allow the cluster to download images from the registry.
upvoted 0 times
...
Zoila
11 months ago
I disagree, I believe the answer is C.
upvoted 0 times
...
Destiny
11 months ago
I think the correct answer is A.
upvoted 0 times
...

Save Cancel