Google Professional-Cloud-DevOps-Engineer Exam With Confidence Using Practice Dumps

To allow manual QA approval, you need separate pipeline stages (e.g., staging → production) and manual promotion between them.

"Cloud Deploy supports multi-stage pipelines where you can manually approve releases before promotion."

— Cloud Deploy Promotion

"Use a standard strategy when there are no automated tests or SLOs to support rollback decisions."

— Deployment Strategies

Canary is best used when automated health checks and metrics exist, which is not the case here.

The best option for making the third-party application work while following Google-recommended security practices is to add a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project and create a key. The iam.disableServiceAccountKeyCreation policy is an organization policy that controls whether service account keys can be created in a project or organization. By default, this policy is set to on, which means that service account keys cannot be created. However, you can override this policy at a lower level, such as a project, by adding a rule to set it to off. This way, you can create a service account key for your project without affecting other projects or organizations. You should also follow the best practices for managing service account keys, such as rotating them regularly, storing them securely, and deleting them when they are no longer needed.