For the HipLocal case study, a security audit reveals that database credentials for their Compute Engine-hosted MySQL databases are stored in plain text on persistent disks. To mitigate the risk of credential theft, what action should HipLocal take?

Corrections/Clarifications:

Removed redundant phrasing ("recent security audit discovers" → "a security audit reveals").

Simplified the question structure while preserving intent.

Ensured technical accuracy (credentials stored on persistent disks, not just "disks").

Exam-Like

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

5.9%

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

5.9%

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

23.5%

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

64.7%

Google Professional Cloud Developer

Get started today

Comments