You have discovered that your developers frequently use numerous service account keys during development. To address this issue and enhance security, you need to enforce the use of short-lived service account credentials as a temporary measure. Here are your specific requirements: • Create all service accounts that require a key in a centralized project named "pj-sa". • Ensure that service account keys are only valid for one day. You need a cost-effective, Google-recommended solution. What should you do?

Exam-Like

Implement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

8.5%

Implement a Kubernetes CronJob to rotate all service account keys periodically. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

6.4%

Enforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.

70.2%

Enforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

14.9%

Google Associate Cloud Engineer

Get started today

Comments