You have Google Kubernetes Engine (GKE) Pods that need to access objects in a Cloud Storage bucket. How can you securely grant this access while minimizing management overhead?

Exam-Like

Create a service account. Grant bucket access to the Pods by using Workload Identity Federation for GKE.

Create a service account with keys. Store the keys in Secret Manager with a 30-day rotation schedule. Reference the keys in the Pods.

Create a service account with keys. Store the keys as a Kubernetes secret. Reference the keys in the Pods.

Create a service account with keys. Store the keys in Secret Manager. Reference the keys in the Pods.

Google Professional Cloud Security Engineer