Q: 2
You are asked to recommend a solution to store and retrieve sensitive configuration data from an
application that runs on Compute Engine. Which option should you recommend?
Options
Discussion
Option D fits here. Secret Manager is designed to securely store and manage sensitive config data, unlike custom metadata or guest attributes. I remember similar scenarios in the official guide and Google’s practice tests. Open to corrections if I missed something obvious.
Don’t think it’s C, Secret Manager (D) is built for sensitive info. Custom metadata is a common trap here.
D imo
C is just for metadata, isn't secure for secrets. Secret Manager (D) is built to protect sensitive stuff and supports IAM plus audit logging. Easy trap if you assume "custom metadata" is enough, but for sensitive config, only D really fits.
I think this matches Google best practices unless I missed some edge case.
C is just for metadata, isn't secure for secrets. Secret Manager (D) is built to protect sensitive stuff and supports IAM plus audit logging. Easy trap if you assume "custom metadata" is enough, but for sensitive config, only D really fits.
I think this matches Google best practices unless I missed some edge case.
C is wrong, D. You want Secret Manager when storing sensitive config, not metadata.
D here, official docs and practice labs both use Secret Manager for this case. Pretty sure that's the expected answer since it's made for storing/retrieving sensitive secrets securely. Correct me if I'm missing a gotcha.
C vs D, but pretty sure it's D since C is just metadata and not made for secrets.
Not 100 percent but I'd say D for handling sensitive configs.
Its D, labs and Google docs both call out Secret Manager for sensitive config data.
Probably D, Secret Manager is purpose-built for handling sensitive data with proper access controls and auditing. C looks tempting but doesn't have the right security guarantees for confidential config. I think D is best here, unless I'm missing something?
C , since Compute Engine custom metadata can be used for configs unless strict compliance is a must.
Be respectful. No spam.
