Google Professional Cloud DevOps Engineer
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
How can you design a solution to fully mitigate the risks of using JSON service account keys in a new Google Cloud organization while minimizing operational overhead?
A
Apply the constraints/iam.disableServiceAccountKevCreation constraint to the organization.
B
Use custom versions of predefined roles to exclude all iam.serviceAccountKeys.* service account role permissions.*
C
Apply the constraints/iam.disableServiceAccountKeyUpload constraint to the organization.
D
Grant the roles/iam.serviceAccountKeyAdmin IAM role to organization administrators only.