Google Professional Cloud DevOps Engineer Exam - Topic 3 Question 96 Discussion

Actual exam question for Google's Professional Cloud DevOps Engineer exam

Question #: 96
Topic #: 3

[All Professional Cloud DevOps Engineer Questions]

[Building and implementing CI/CD pipelines for a service]

You are deploying an application to Cloud Run. The application requires a password to start. Your organization requires that all passwords are rotated every 24 hours, and your application must have the latest password. You need to deploy the application with no downtime. What should you do?

AStore the password in Secret Manager and send the secret to the application by using environment variables.

BStore the password in Secret Manager and mount the secret as a volume within the application.

CUse Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.

DStore the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.

Show Suggested Answer

Suggested Answer: B

by Gail at Aug 16, 2025, 03:28 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud DevOps Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Clay

6 days ago

I'm not entirely sure, but I think mounting the secret as a volume could be a better way to handle updates without downtime.

upvoted 0 times

...

Crista

12 days ago

I remember discussing the importance of using Secret Manager for sensitive data, so option A seems like a good choice.

upvoted 0 times

...

Sylvie

17 days ago

Cloud Build to add the password at build time? That's an interesting approach. I'll need to make sure the Artifact Registry is locked down tight, but that could be a good solution.

upvoted 0 times

...

Gertude

22 days ago

Mounting the secret as a volume seems like it could work, but I'm not sure if that's the most secure option. I'll have to research that a bit more.

upvoted 0 times

...

Maricela

27 days ago

Okay, I think I've got a plan. I'll use Secret Manager to store the password and send it to the application as an environment variable. That way, I can rotate the password easily without any downtime.

upvoted 0 times

...

Helga

1 month ago

Hmm, storing the password directly in the code seems like a bad idea from a security standpoint. I'll probably rule that out.

upvoted 0 times

...

Venita

1 month ago

This looks like a tricky one. I'll need to think through the security implications of each approach carefully.

upvoted 0 times

...

Rosio

2 months ago

I disagree, I believe we should store the password in Secret Manager and mount the secret as a volume within the application.

upvoted 0 times

...

Ettie

3 months ago

I think we should store the password in Secret Manager and send the secret to the application by using environment variables.

upvoted 0 times

...