Google Cloud Professional Cloud Database Engineer — Question 158

You are developing a Python application that will connect to AlloyDB for PostgreSQL as the backend datastore. Your organization’s security requirements do not allow the use of usernames and passwords for database authentication. How should you develop your application?

Answer options

• A. Use any PostgreSQL-compatible Python client. Connect to the AlloyDB cluster by using Identity-Aware Proxy (IAP).
• B. Use the AlloyDB Python connector. Use automated IAM authentication for connectivity.
• C. Use the AlloyDB Python connector. Enforce SSL connectivity to AlloyDB by using the gcloud alloydb instance update command with the --ssl-mode=ENCRYPTED_ONLY option.
• D. Use any PostgreSQL-compatible Python client. Use a service account name and credential as the username and password respectively during connection.

Correct answer: B

Explanation

The correct answer is B because using the AlloyDB Python connector with automated IAM authentication aligns with the requirement of avoiding usernames and passwords for security. Option A is incorrect as IAP does not provide the required authentication method in this scenario. Option C, while focused on SSL, does not address the authentication issue at hand. Option D contradicts the security policy by suggesting the use of a service account name and credential as authentication details.