PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #225
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #225: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to reveal the answer and full explanation for question #225. The question stem and answer options stay visible for context.
Question
You are running applications outside Google Cloud that need access to Google Cloud resources. You are using workload identity federation to grant external identities Identity and Access Management (IAM) roles to eliminate the maintenance and security burden associated with service account keys. You must protect against attempts to spoof another user's identity and gain unauthorized access to Google Cloud resources. What should you do? (Choose two.)
Options
- AEnable data access logs for IAM APIs.
- BLimit the number of external identities that can impersonate a service account.
- CUse a dedicated project to manage workload identity pools and providers.
- DUse immutable attributes in attribute mappings.
- ELimit the resources that a service account can access.
Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-CLOUD-SECURITY-ENGINEER questions. Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.