Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Developer Exam - Topic 9 Question 115 Discussion

You are creating and running containers across different projects in Google Cloud. The application you are developing needs to access Google Cloud services from within Google Kubernetes Engine (GKE).What should you do?
B) Use a Google service account to run the Pod with Workload Identity.
A) Assign a Google service account to the GKE nodes.
C) Store the Google service account credentials as a Kubernetes Secret.
D) Use a Google service account with GKE role-based access control (RBAC).

Google Professional Cloud Developer Exam - Topic 9 Question 115 Discussion

Actual exam question for Google's Professional Cloud Developer exam
Question #: 115
Topic #: 9
[All Professional Cloud Developer Questions]

You are creating and running containers across different projects in Google Cloud. The application you are developing needs to access Google Cloud services from within Google Kubernetes Engine (GKE).

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: B

https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity


by Raul at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Developer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Norah
26 days ago
C is risky. Storing credentials isn't safe.
upvoted 0 times
...
Arleen
1 month ago
Option A seems easier, but B is more secure.
upvoted 0 times
...
Herschel
1 month ago
I agree, B makes sense. It avoids managing keys.
upvoted 0 times
...
Estrella
1 month ago
I think option B is the best. Workload Identity is secure.
upvoted 0 times
...
Brynn
2 months ago
I thought A was the standard approach. Surprised to see B getting so much love!
upvoted 0 times
...
Lacresha
2 months ago
I think D is overkill for most projects.
upvoted 0 times
...
Gail
2 months ago
Wait, storing credentials as a Secret? Isn't that risky?
upvoted 0 times
...
Ben
2 months ago
A is a solid choice too, but B feels more secure.
upvoted 0 times
...
Tatum
2 months ago
Definitely B, Workload Identity is the way to go!
upvoted 0 times
...
Esteban
2 months ago
B) Use a Google service account to run the Pod with Workload Identity. This is the way to go, unless you want to accidentally grant your entire cluster access to your Google Cloud resources.
upvoted 0 times
...
Sage
3 months ago
Hmm, I wonder if the exam will also ask about the best way to store my Google service account password - maybe in a Post-it note on my monitor?
upvoted 0 times
...
Phuong
3 months ago
C) Store the Google service account credentials as a Kubernetes Secret. This is not the best approach, as it can lead to security risks.
upvoted 0 times
...
Selma
3 months ago
A) Assign a Google service account to the GKE nodes. This is a valid approach, but Workload Identity is the recommended way to access Google Cloud services.
upvoted 0 times
...
Raul
4 months ago
D) Use a Google service account with GKE role-based access control (RBAC). This option provides more granular control over permissions.
upvoted 0 times
...
Ronald
4 months ago
B) Use a Google service account to run the Pod with Workload Identity. This is the correct approach to access Google Cloud services from within GKE.
upvoted 0 times
...
Avery
4 months ago
Using RBAC with a service account sounds familiar, but I’m not clear on how it integrates with GKE for accessing other services.
upvoted 0 times
...
Shawnda
4 months ago
I feel like storing the service account credentials as a Kubernetes Secret could lead to security issues, but I can't recall the specifics.
upvoted 0 times
...
Clarence
4 months ago
I remember practicing a similar question, and I think assigning a service account to the GKE nodes might not be the most secure choice.
upvoted 0 times
...
Deandrea
4 months ago
I think using a service account with Workload Identity is the best option, but I'm not entirely sure how it works in GKE.
upvoted 0 times
...
Makeda
5 months ago
Okay, I've got it. Option B is the way to go. Workload Identity is the recommended approach for accessing Google Cloud services from within GKE. It's more secure than the other options.
upvoted 0 times
...
Vernice
5 months ago
I'm a little confused by all the options, but I think option B is the best choice. Workload Identity seems like the most efficient and secure way to handle this use case.
upvoted 0 times
...
Lettie
5 months ago
Option B is definitely the way to go here. Workload Identity is the recommended approach for accessing Google Cloud services from GKE. It's more secure than storing credentials as a Kubernetes Secret.
upvoted 0 times
...
Dion
5 months ago
Hmm, I'm a bit unsure about this one. I'll need to double-check the documentation to make sure I understand the differences between the options. Assigning a service account to the nodes or using RBAC could also work, but Workload Identity sounds like the best approach.
upvoted 0 times
...
Albina
5 months ago
I think I'd go with option B. Using Workload Identity seems like the most secure and straightforward way to access Google Cloud services from within GKE.
upvoted 0 times
...

Save Cancel