
Answer-first summary for fast verification
Answer: 1. Store the database password inside a Kubernetes Secret object. 2. Update the YAML file to reference the DB_PASSWORD environment variable from the Secret.
**Correct Answer: B**

- **A** is incorrect because embedding sensitive information like passwords in Docker images is insecure; if the image is compromised, so is the password.
- **B** is correct. Kubernetes Secrets are designed for securely storing sensitive information, such as passwords, and are the recommended approach.
- **C** is incorrect because ConfigMaps are not as secure as Secrets for sensitive data.
- **D** is incorrect because writing sensitive information to disk, even in a persistent volume, is not secure.

For more information, refer to the [Kubernetes Secrets documentation](https://kubernetes.io/docs/concepts/configuration/secret/) and discussions on [Secrets vs. ConfigMaps](https://stackoverflow.com/questions/36912372/kubernetes-secrets-vs-configmaps#:~:text=The%20major%20difference%20is%2C%20Secrets,for%20Secrets%20rather%20than%20Configs).
Author: LeetQuiz Editorial Team
Your teammate has deployed a microservice named myapp1 to a Kubernetes cluster using a YAML specification. Part of the YAML is shown below:
```yaml
apiVersion: apps/v1
spec:
  containers:
  - name: main-container
    image: noonclub.io/company-repo/myapp1:1.7
    env:
    - name: DB_PASSWORD
      value: "tough0password1"
    ports:
    - containerPort: 8080
```
Upon review, you noticed the database password is stored in plain text within the YAML file. What security best practice should you recommend to your teammate?
A
Store the database password inside the Docker image of the container, not in the YAML file.
B
C
D
Store the database password in a file within a Kubernetes persistent volume and use a persistent volume claim to mount the volume to the container.
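
The recommended fix applied to the myapp1 spec, as an added example that is not part of the original question: the password moves into a Secret and the container reads `DB_PASSWORD` through `secretKeyRef`. The Secret name `myapp1-db-credentials`, the key `password` and the placeholder value are assumptions chosen for illustration.

```yaml
# Added example. Secret name and key are hypothetical.
apiVersion: v1
kind: Secret
metadata:
  name: myapp1-db-credentials
type: Opaque
stringData:
  # Placeholder only: supply the real value out of band and keep it out of version control.
  password: "<database-password>"
---
# Same partial view of the myapp1 spec as in the question,
# with the plain-text value replaced by a reference to the Secret.
apiVersion: apps/v1
spec:
  containers:
  - name: main-container
    image: noonclub.io/company-repo/myapp1:1.7
    env:
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: myapp1-db-credentials   # Secret object to read from
          key: password                 # key inside that Secret
    ports:
    - containerPort: 8080
```

By default Secret values are only base64-encoded in the API and stored unencrypted in etcd, so pair this with encryption at rest and RBAC rules that limit who can read Secrets in the namespace.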