Answer-first summary for fast verification
Answer: Delete the compromised service account.
The question specifies that the compromised service account key was used to generate short-lived credentials, and immediate revocation of all access is required. According to Google Cloud IAM documentation and the community discussion (with multiple highly upvoted comments citing official sources), disabling a service account key does NOT revoke short-lived credentials already issued from that key. To immediately revoke all access, including short-lived credentials, the service account itself must be disabled or deleted. Option A (delete the service account) is the most definitive action to achieve this, as it immediately invalidates all credentials associated with the account. Option B (disable the key) is insufficient because short-lived credentials remain valid. Option C (wait for expiration) contradicts the 'immediate' requirement. Option D (rotate the key) prevents future use but does not revoke existing short-lived credentials. The community consensus strongly favors A, with 84% of votes and authoritative references to Google's documentation.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A service account key has been publicly exposed on multiple public code repositories. Logs indicate the key was used to generate short-lived credentials. You need to immediately revoke all access for the service account.
What should you do?
A
Delete the compromised service account.
B
Disable the compromised service account key.
C
Wait until the service account credentials expire automatically.
D
Rotate the compromised service account key.
No comments yet.