Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Google Exam Associate Cloud Engineer Topic 2 Question 81 Discussion

Actual exam question for Google's Associate Cloud Engineer exam
Question #: 81
Topic #: 2
[All Associate Cloud Engineer Questions]

Your company is moving its continuous integration and delivery (CI/CD) pipeline to Compute Engine instances. The pipeline will manage the entire cloud infrastructure through code. How can you ensure that the pipeline has appropriate permissions while your system is following security best practices?

Show Suggested Answer Hide Answer
Suggested Answer: D

Instance groups are collections of virtual machine (VM) instances that you can manage as a single entity. Instance groups can help you simplify the management of multiple instances, reduce operational costs, and improve the availability and performance of your applications. Instance groups support autoscaling, which automatically adds or removes instances from the group based on increases or decreases in load. Autoscaling helps your applications gracefully handle increases in traffic and reduces cost when the need for resources is lower. You can set the autoscaling policy based on CPU utilization, load balancing capacity, Cloud Monitoring metrics, or a queue-based workload. In this case, since the video encoding software is CPU-intensive, setting the autoscaling based on CPU utilization is the best option to ensure high availability and optimal performance.Reference:

Instance groups

Autoscaling groups of instances


Contribute your Thoughts:

Kenneth
4 days ago
I heard they're also moving the coffee machine to the cloud. Should make for some interesting DevOps stories.
upvoted 0 times
...
Maryann
6 days ago
Hmm, Option A with human approval? Looks like someone's trying to get out of work. Let's just automate this whole thing and call it a day!
upvoted 0 times
...
Nan
9 days ago
Option D looks the most comprehensive to me. Using a secret manager to store the service account keys and allowing the pipeline to request the appropriate secrets is a smart way to manage permissions.
upvoted 0 times
Filiberto
18 hours ago
I agree, using a secret manager for storing keys adds an extra layer of security.
upvoted 0 times
...
Lavonna
5 days ago
Option D looks the most comprehensive to me.
upvoted 0 times
...
...
Amalia
13 days ago
I'm not sure I agree with Option B. Wouldn't it be better to just give the service account all the required permissions instead of impersonating another user?
upvoted 0 times
...
Staci
16 days ago
Option B seems like the most secure approach. Impersonating a Cloud Identity user with elevated permissions is a great way to minimize the service account's rights.
upvoted 0 times
Pansy
7 days ago
I agree, option B does seem like a secure approach.
upvoted 0 times
...
...
Tamesha
25 days ago
That's a good point, Tammara. Option D does provide better security measures by using separate service accounts and secret management. It's important to prioritize security when setting up the pipeline.
upvoted 0 times
...
Tammara
29 days ago
I disagree, I believe option D is more secure. Creating multiple service accounts with minimal IAM permissions and using a secret manager service for key files adds an extra layer of security to the CI/CD pipeline.
upvoted 0 times
...
Tamesha
30 days ago
I think option B is the best choice. By attaching a single service account with minimal rights, we can ensure security while allowing the account to impersonate a Cloud Identity user with elevated permissions.
upvoted 0 times
...

Save Cancel