Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed service account keys for projects in their organization.
How should you enforce this?
A . Configure Secret Manager to manage service account keys.
B . Enable an organization policy to disable service accounts from being created.
C . Enable an organization policy to prevent service account keys from being created.
D . Remove the iam.serviceAccounts.getAccessToken permission from users.
Answer: C
Explanation:
https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys
"To prevent unnecessary usage of service account keys, use organization policy constraints: At the root of your organization’s resource hierarchy, apply the Disable service account key creation and Disable service account key upload constraints to establish a default where service account keys are disallowed. When needed, override one of the constraints for selected projects to re-enable service account key creation or upload."
Latest Professional Cloud Security Engineer Dumps Valid Version with 93 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund