Ultimate access to all questions.
Upgrade Now 🚀
Sign in to unlock AI tutor
How can you design a solution to fully mitigate the risks of using JSON service account keys in a new Google Cloud organization while minimizing operational overhead?
A
Apply the constraints/iam.disableServiceAccountKevCreation constraint to the organization.
B
Use custom versions of predefined roles to exclude all iam.serviceAccountKeys.* service account role permissions.
C
Apply the constraints/iam.disableServiceAccountKeyUpload constraint to the organization.
D
Grant the roles/iam.serviceAccountKeyAdmin IAM role to organization administrators only.
