How should you enforce this?

Professional Cloud Security Engineer V2 0 Comments

Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed service account keys for projects in their organization.

How should you enforce this?
A . Configure Secret Manager to manage service account keys.
B . Enable an organization policy to disable service accounts from being created.
C . Enable an organization policy to prevent service account keys from being created.
D . Remove the iam.serviceAccounts.getAccessToken permission from users.

Answer: C

Explanation:

https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys

"To prevent unnecessary usage of service account keys, use organization policy constraints: At the root of your organization’s resource hierarchy, apply the Disable service account key creation and Disable service account key upload constraints to establish a default where service account keys are disallowed. When needed, override one of the constraints for selected projects to re-enable service account key creation or upload."

Latest Professional Cloud Security Engineer Dumps Valid Version with 93 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download Professional Cloud Security Engineer PDF     Professional Cloud Security Engineer Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments