ASSOCIATE-CLOUD-ENGINEER · Question #299
ASSOCIATE-CLOUD-ENGINEER Question #299: Real Exam Question with Answer & Explanation
Sign in or unlock ASSOCIATE-CLOUD-ENGINEER to reveal the answer and full explanation for question #299. The question stem and answer options stay visible for context.
Question
You recently discovered that your developers are using many service account keys during their development process. While you work on a long term improvement, you need to quickly implement a process to enforce short-lived service account credentials in your company. You have the following requirements: - All service accounts that require a key should be created in a centralized project called pj-sa. - Service account keys should only be valid for one day. You need a Google-recommended solution that minimizes cost. What should you do?
Options
- AImplement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org
- BImplement a Kubernetes CronJob to rotate all service account keys periodically. Disable
- CEnforce an org policy constraint allowing the lifetime of service account keys to be 24 hours.
- DEnforce a DENY org policy constraint over the lifetime of service account keys for 24 hours.
Unlock ASSOCIATE-CLOUD-ENGINEER to see the answer
You've previewed enough free ASSOCIATE-CLOUD-ENGINEER questions. Unlock ASSOCIATE-CLOUD-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.