Following a third-party security audit of your Cloud practices, it was noted that developers in your company use multiple service account keys during development. You need a quick, cost-effective solution to limit the lifetime of service account credentials with the following requirements:

Only a project named 'pj-sa' will host all service accounts requiring a key.

Service account keys should automatically expire after one day. What is the best solution to meet these requirements?

Real Exam

Explanation:

Option B is correct because it directly addresses the requirement for service account keys to expire after one day by enforcing an organizational policy constraint. It also ensures that service account keys can only be created in the 'pj-sa' project, centralizing their management. Options A and C suggest periodic rotation of keys but do not enforce the one-day validity requirement. Option D would prevent the use of service account keys altogether, which contradicts the requirement for short-lived keys.

Powered ByGPT-5

Google Associate Cloud Engineer

Get started today

Google Associate Cloud Engineer

Get started today