PROFESSIONAL-CLOUD-DEVOPS-ENGINEER · Question #167
PROFESSIONAL-CLOUD-DEVOPS-ENGINEER Question #167: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-CLOUD-DEVOPS-ENGINEER to reveal the answer and full explanation for question #167. The question stem and answer options stay visible for context.
Question
You are designing a new Google Cloud organization for a client. Your client is concerned with the risks associated with long-lived credentials created in Google Cloud. You need to design a solution to completely eliminate the risks associated with the use of JSON service account keys while minimizing operational overhead. What should you do?
Options
- AApply the constraints/iam.disableServiceAccountKevCreation constraint to the organization.
- BUse custom versions of predefined roles to exclude all iam.serviceAccountKeys.* service account
- CApply the constraints/iam.disableServiceAccountKeyUpload constraint to the organization.
- DGrant the roles/iam.serviceAccountKeyAdmin IAM role to organization administrators only.
Unlock PROFESSIONAL-CLOUD-DEVOPS-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-CLOUD-DEVOPS-ENGINEER questions. Unlock PROFESSIONAL-CLOUD-DEVOPS-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.