
Answer-first summary for fast verification
Answer: Create a new key, and use the new key in the application. Delete the old key from the Service Account.
Option C is correct because it follows Google's recommended key rotation practice: create a new key, update the application to use it, and then delete the old key. Deleting the old key prevents continued use of a key that may have been compromised. The community discussion strongly supports C (57% consensus, with the highest upvoted comment citing Google documentation and emphasizing that keeping old keys active undermines security).
Option D is incorrect because storing the old key as a backup violates security best practices: the key stays valid and remains an attack vector. Option A is invalid because there is no 'enable-auto-rotate' gcloud command for service account keys. Option B only rotates the key but does not address updating the application or deleting the old key, making it incomplete.
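The rotation order in option C, written as a shell function. This is an added example, not part of the original question or of Google's documentation; the function name rotate_sa_key and the deploy hook argument are hypothetical, and the hook is assumed to exit non-zero when the application cannot authenticate with the new key.

```bash
#!/usr/bin/env bash
# Rotate a user-managed service account key in the order from option C:
# create a new key, switch the application to it, then delete the old key(s).
# Usage: rotate_sa_key SA_EMAIL NEW_KEY_FILE DEPLOY_CMD
#   DEPLOY_CMD (hypothetical hook) receives NEW_KEY_FILE, points the
#   application at it, and must exit non-zero if the switch did not work.

rotate_sa_key() {
  local sa="$1" new_key_file="$2" deploy_cmd="$3"
  local old_ids id rc=0

  # 1. Record the user-managed key IDs that exist before rotation, so that
  #    step 4 deletes exactly those and never the key created in step 2.
  old_ids="$(gcloud iam service-accounts keys list \
      --iam-account="$sa" --managed-by=user \
      --format='value(name.basename())')" || return 1

  # 2. Create the new key. The umask keeps the private key file owner-only.
  ( umask 077
    gcloud iam service-accounts keys create "$new_key_file" \
      --iam-account="$sa" ) || return 1

  # 3. Switch the application. On failure the old keys are left in place so
  #    the application keeps working; the unused new key should be removed
  #    once the failure has been investigated.
  if ! "$deploy_cmd" "$new_key_file"; then
    echo "deploy failed; old keys left in place" >&2
    return 2
  fi

  # 4. Delete every key recorded in step 1. No backup copy is kept (option D).
  for id in $old_ids; do
    gcloud iam service-accounts keys delete "$id" \
      --iam-account="$sa" --quiet || rc=3
  done
  return "$rc"
}
```

Return code 0 means the old keys are gone, 2 means the application was not switched and nothing was deleted, and 3 means at least one old key could not be deleted and still needs attention.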
Author: LeetQuiz Editorial Team
A company's application is deployed using a user-managed service account key. You need to implement Google's recommended practices for rotating this key. What steps should you take?
A. Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam-account=IAM_ACCOUNT.
B. Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam-account=IAM_ACCOUNT --key=NEW_KEY.
C. Create a new key, and use the new key in the application. Delete the old key from the Service Account.
D. Create a new key, and use the new key in the application. Store the old key on the system as a backup key.