Topic 1 Question 103
You are designing a new governance model for your organization's secrets that are stored in Secret Manager. Currently, secrets for Production and Non-Production applications are stored and accessed using service accounts. Your proposed solution must:
✑ Provide granular access to secrets
✑ Give you control over the rotation schedules for the encryption keys that wrap your secrets
✑ Maintain environment separation
✑ Provide ease of management
Which approach should you take?
- A. 1. Use separate Google Cloud projects to store Production and Non-Production secrets. 2. Enforce access control to secrets using project-level Identity and Access Management (IAM) bindings. 3. Use customer-managed encryption keys to encrypt secrets.
- B. 1. Use a single Google Cloud project to store both Production and Non-Production secrets. 2. Enforce access control to secrets using secret-level Identity and Access Management (IAM) bindings. 3. Use Google-managed encryption keys to encrypt secrets.
- C. 1. Use separate Google Cloud projects to store Production and Non-Production secrets. 2. Enforce access control to secrets using secret-level Identity and Access Management (IAM) bindings. 3. Use Google-managed encryption keys to encrypt secrets.
- D. 1. Use a single Google Cloud project to store both Production and Non-Production secrets. 2. Enforce access control to secrets using project-level Identity and Access Management (IAM) bindings. 3. Use customer-managed encryption keys to encrypt secrets.
User votes
Comments (3)
- Selected answer: A
Correct. Ans A. Provide granular access to secrets: 2. Enforce access control to secrets using project-level Identity and Access Management (IAM) bindings. Give you control over the rotation schedules for the encryption keys that wrap your secrets: 3. Use customer-managed encryption keys to encrypt secrets. Maintain environment separation: 1. Use separate Google Cloud projects to store Production and Non-Production secrets.
👍 9 mT3 2022/05/19
None of the answers are correct, here is why:
✑ Provide granular access to secrets => 2. Enforce access control to secrets using secret-level (and not project-level)
✑ Give you control over the rotation schedules for the encryption keys that wrap your secrets => 3. Use customer-managed encryption keys to encrypt secrets.
✑ Maintain environment separation => 1. Use separate Google Cloud projects to store Production and Non-Production secrets
✑ Provide ease of management => 3. Use Google-managed encryption keys to encrypt secrets. (could be in contradiction with Give you control over the rotation schedules….)
It should be an E answer:
E. 1. Use separate Google Cloud projects to store Production and Non-Production secrets. 2. Enforce access control to secrets using secret-level Identity and Access Management (IAM) bindings. 3. Use customer-managed encryption keys to encrypt secrets.
👍 4 Medofree 2022/05/26
- Selected answer: A
A. 1. Use separate Google Cloud projects to store Production and Non-Production secrets. 2. Enforce access control to secrets using project-level Identity and Access Management (IAM) bindings. 3. Use customer-managed encryption keys to encrypt secrets.
👍 2 AwesomeGCP 2022/10/07