
ASSOCIATE-CLOUD-ENGINEER · Question #403

ASSOCIATE-CLOUD-ENGINEER Question #403: Real Exam Question with Answer & Explanation

The correct answer is C: Create single-purpose service accounts.

Submitted by krish.m · Mar 30, 2026

Question

You need to create and manage service accounts for your workloads running on Google Cloud. You want to follow Google-recommended practices. What should you do? (Choose two.)

Options

  • A. Create as few service accounts as possible.
  • B. Delete any unused service accounts immediately.
  • C. Create single-purpose service accounts.
  • D. Manage service accounts as resources.
  • E. Use random names for the service accounts.

Explanation

Create single-purpose service accounts. Google recommends giving each workload its own service account (rather than sharing one account among many workloads). This ensures that you can grant each service account exactly the permissions it needs (and no more), and makes it easier to audit or revoke permissions for any one function.

Manage service accounts as resources. Treat service accounts the same way you treat other GCP resources: track them in IAM policies, apply labels, automate their creation/deletion in Infrastructure-as-Code, and regularly review their roles. In other words, don’t let service accounts “just sit there”; include them in your normal resource-management and auditing processes.
