New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Associate Cloud Engineer Exam - Topic 2 Question 81 Discussion

Actual exam question for Google's Associate Cloud Engineer exam
Question #: 81
Topic #: 2
[All Associate Cloud Engineer Questions]

Your company is moving its continuous integration and delivery (CI/CD) pipeline to Compute Engine instances. The pipeline will manage the entire cloud infrastructure through code. How can you ensure that the pipeline has appropriate permissions while your system is following security best practices?

Show Suggested Answer Hide Answer
Suggested Answer: D

Instance groups are collections of virtual machine (VM) instances that you can manage as a single entity. Instance groups can help you simplify the management of multiple instances, reduce operational costs, and improve the availability and performance of your applications. Instance groups support autoscaling, which automatically adds or removes instances from the group based on increases or decreases in load. Autoscaling helps your applications gracefully handle increases in traffic and reduces cost when the need for resources is lower. You can set the autoscaling policy based on CPU utilization, load balancing capacity, Cloud Monitoring metrics, or a queue-based workload. In this case, since the video encoding software is CPU-intensive, setting the autoscaling based on CPU utilization is the best option to ensure high availability and optimal performance.Reference:

Instance groups

Autoscaling groups of instances


by Sophia at Apr 29, 2024, 04:38 AM

Limited Time Offer

25%

Off

Get Premium Associate Cloud Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Geoffrey
3 months ago
C is too permissive, better to limit access like in B.
upvoted 0 times
...
Melodie
3 months ago
Human approval in A is a good safety net!
upvoted 0 times
...
Edda
3 months ago
Surprised that people still use a single service account, isn’t that risky?
upvoted 0 times
...
Arlyne
4 months ago
I disagree, D seems more secure with multiple accounts.
upvoted 0 times
...
Theodora
4 months ago
Option B sounds solid, minimal rights are key!
upvoted 0 times
...
Ryan
4 months ago
I practiced a similar question where using a single service account was recommended, but I feel like option C might not be the best for security since it grants all permissions.
upvoted 0 times
...
Erasmo
4 months ago
I’m leaning towards option A because human approval adds an extra layer of security, but I wonder if it might slow down the pipeline too much.
upvoted 0 times
...
Casie
4 months ago
I think option D could be a good choice since it suggests creating multiple service accounts. It feels safer, but managing all those accounts might get complicated.
upvoted 0 times
...
Willard
5 months ago
I remember we discussed the importance of using minimal permissions for service accounts. Option B seems to align with that principle, but I'm not entirely sure about the impersonation part.
upvoted 0 times
...
Joni
5 months ago
Ugh, this is a tough one. I'm not sure if I fully understand the differences between the options. I think I'll need to review the material on IAM and service accounts again before I can make a decision.
upvoted 0 times
...
Marcelle
5 months ago
Hmm, I'm a bit confused by all the different options. I'll need to think this through carefully. Maybe I should start by understanding the security best practices that are mentioned in the question.
upvoted 0 times
...
Arlene
5 months ago
This seems like a tricky question, but I think the key is to find a way to give the pipeline the permissions it needs while still following security best practices. Option D looks promising with the use of multiple service accounts and a secret manager.
upvoted 0 times
...
Ashlyn
5 months ago
I feel pretty confident about this one. Option B looks like the best approach to me - using a single service account with minimal rights and allowing it to impersonate a user with elevated permissions. That way, the pipeline has the access it needs without giving it too much power.
upvoted 0 times
...
Rene
5 months ago
The language aspect could be really tough. Automated tools might struggle to handle data in multiple languages or with a lot of jargon and technical terms.
upvoted 0 times
...
Chaya
5 months ago
Hmm, I'm a bit unsure about this one. I know there are different types of testing, but I'm not totally clear on the differences between verification and validation testing. I'll have to think it through.
upvoted 0 times
...
Dorthy
5 months ago
Okay, let me think this through. Cgroups are used to limit and isolate the resources (CPU, memory, disk I/O, etc.) used by a container, so I'm guessing the correct answer is "No" since the solution doesn't seem to be describing that functionality.
upvoted 0 times
...
Kenneth
10 months ago
I heard they're also moving the coffee machine to the cloud. Should make for some interesting DevOps stories.
upvoted 0 times
...
Maryann
10 months ago
Hmm, Option A with human approval? Looks like someone's trying to get out of work. Let's just automate this whole thing and call it a day!
upvoted 0 times
Rutha
9 months ago
User 3: I agree with Rutha, automation is more efficient and less prone to errors.
upvoted 0 times
...
Kyoko
9 months ago
User 2: Kyoko, automation is the way to go! Let's streamline this process.
upvoted 0 times
...
Whitney
9 months ago
User 1: Option A with human approval? Looks like someone's trying to get out of work.
upvoted 0 times
...
...
Nan
10 months ago
Option D looks the most comprehensive to me. Using a secret manager to store the service account keys and allowing the pipeline to request the appropriate secrets is a smart way to manage permissions.
upvoted 0 times
Aileen
9 months ago
It's important to have a secure way to manage permissions in the CI/CD pipeline.
upvoted 0 times
...
Filiberto
10 months ago
I agree, using a secret manager for storing keys adds an extra layer of security.
upvoted 0 times
...
Lavonna
10 months ago
Option D looks the most comprehensive to me.
upvoted 0 times
...
...
Amalia
10 months ago
I'm not sure I agree with Option B. Wouldn't it be better to just give the service account all the required permissions instead of impersonating another user?
upvoted 0 times
...
Staci
10 months ago
Option B seems like the most secure approach. Impersonating a Cloud Identity user with elevated permissions is a great way to minimize the service account's rights.
upvoted 0 times
Cary
9 months ago
Having minimal rights and impersonation can help prevent unauthorized access.
upvoted 0 times
...
Nobuko
9 months ago
It's important to minimize the service account's rights for security.
upvoted 0 times
...
Wilda
9 months ago
Impersonating a Cloud Identity user with elevated permissions is a smart move.
upvoted 0 times
...
Pansy
10 months ago
I agree, option B does seem like a secure approach.
upvoted 0 times
...
...
Tamesha
10 months ago
That's a good point, Tammara. Option D does provide better security measures by using separate service accounts and secret management. It's important to prioritize security when setting up the pipeline.
upvoted 0 times
...
Tammara
11 months ago
I disagree, I believe option D is more secure. Creating multiple service accounts with minimal IAM permissions and using a secret manager service for key files adds an extra layer of security to the CI/CD pipeline.
upvoted 0 times
...
Tamesha
11 months ago
I think option B is the best choice. By attaching a single service account with minimal rights, we can ensure security while allowing the account to impersonate a Cloud Identity user with elevated permissions.
upvoted 0 times
...

Save Cancel