Workload Identity — Google Cloud Professional Cloud Architect Practice Questions
Workload Identity is the recommended mechanism for granting GKE pods permission to call Google Cloud APIs without embedding service account keys as secrets. It works by federating a Kubernetes service account to a GCP service account, so the node's metadata server issues short-lived tokens scoped to that workload's identity. The exam tests candidates on configuring Workload Identity correctly, understanding why key-based authentication is an anti-pattern in containerized environments, and recognizing the security and operational benefits of keyless authentication.
Free questions on workload identity
You need to authenticate applications between GCP services without storing credentials. What should you use?
Free question · medium · full answer + explanation
More workload identity questions in the full bank
- How does Workload Identity improve security posture?
- Your organization needs to implement multi-factor authentication across cloud resources. What is required?
- You need to implement role-based access with service accounts for application authentication. What is the setup?