Following a third-party security audit of your Cloud practices, it was noted that developers in your company use multiple service account keys during development. You need a quick, cost-effective solution to limit the lifetime of service account credentials with the following requirements:

Only a project named 'pj-sa' will host all service accounts requiring a key.

Service account keys should automatically expire after one day. What is the best solution to meet these requirements?

Real Exam

Implement a Kubernetes CronJob to periodically rotate service account keys and prevent the association of service accounts with resources across all projects, except for 'pj-sa'.

0.0%

Enforce an organizational policy that sets a 24-hour limit on the lifespan of service account keys and prevents the creation of service account keys, with an exception for 'pj-sa'.

62.5%

Set up a recurring Cloud Run task to automatically rotate service account keys at specified intervals for 'pj-sa' and establish an organizational policy to prohibit general service account key creation, making an exception for 'pj-sa'.

0.0%

Apply an organizational policy constraint that restricts the duration of service account keys to 24 hours and blocks the linkage of service accounts to resources across all projects, except for 'pj-sa'.

37.5%

Google Associate Cloud Engineer

Get started today

Comments