ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 146 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 146
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed service account keys for projects in their organization. How should you enforce this?

  • A. Configure Secret Manager to manage service account keys.
  • B. Enable an organization policy to disable service accounts from being created.
  • C. Enable an organization policy to prevent service account keys from being created.
  • D. Remove the iam.serviceAccounts.getAccessToken permission from users.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Baburao at Sept. 3, 2022, 5 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AwesomeGCP
1 year, 10 months ago
Selected Answer: C
C. Enable an organization policy to prevent service account keys from being created.
upvoted 3 times
...
Random_Mane
1 year, 10 months ago
Selected Answer: C
C. https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys "To prevent unnecessary usage of service account keys, use organization policy constraints: At the root of your organization's resource hierarchy, apply the Disable service account key creation and Disable service account key upload constraints to establish a default where service account keys are disallowed. When needed, override one of the constraints for selected projects to re-enable service account key creation or upload."
upvoted 4 times
AzureDP900
1 year, 9 months ago
Yes, You are right Enable an organization policy to prevent service account keys from being created.
upvoted 1 times
...
desertlotus1211
11 months ago
Your answer represents Answer B: to Disable sevice account key creation
upvoted 1 times
desertlotus1211
11 months ago
Sorry it says service account NOT SA keys... Answer C
upvoted 2 times
...
...
...
Baburao
1 year, 11 months ago
C seems to be a correct option but there must be an exclusion for CI/CD pipelines or SuperAdmins/OrgAdmins. Otherwise, nobody will be able to create ServiceAccount Keys.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel