Google Cloud Professional Cloud Developer — Question 208
You are developing an application that consists of several microservices running in a Google Kubernetes Engine cluster. One microservice needs to connect to a third-party database running on-premises. You need to store credentials to the database and ensure that these credentials can be rotated while following security best practices. What should you do?
Answer options
- A. Store the credentials in a sidecar container proxy, and use it to connect to the third-party database.
- B. Configure a service mesh to allow or restrict traffic from the Pods in your microservice to the database.
- C. Store the credentials in an encrypted volume mount, and associate a Persistent Volume Claim with the client Pod.
- D. Store the credentials as a Kubernetes Secret, and use the Cloud Key Management Service plugin to handle encryption and decryption.
Correct answer: D
Explanation
The correct answer is D. Storing the credentials as a Kubernetes Secret lets them be managed securely and rotated easily, and the Cloud Key Management Service plugin adds to that security by handling encryption and decryption of the Secret. Options A and C do not follow best practices for credential management, and option B addresses traffic control rather than credential storage.