Answer-first summary for fast verification
Answer: Use organization policy constraints/iam.disableServiceAccountCreation boolean to disable the creation of new service accounts.
The question requires centrally preventing service account creation across all production environments in the organization. Option D (iam.disableServiceAccountCreation) is the correct choice because it uses Google Cloud Organization Policy to centrally disable service account creation at the organization level, which aligns with the requirement for centralized management across all production environments. The community discussion strongly supports D with 83% consensus and multiple upvoted comments explaining that this constraint allows centralized management without restricting other developer permissions. Option A (IAM restrictions) is less suitable as it would require manual configuration per user/service account and doesn't provide centralized enforcement. Options B and C are incorrect because they address service account key creation/upload, not service account creation itself.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are a Security Administrator tasked with centrally preventing the creation of service accounts in all production environments across your organization. What should you do?
A
Use Identity and Access Management (IAM) to restrict access of all users and service accounts that have access to the production environment.
B
Use organization policy constraints/iam.disableServiceAccountKeyCreation boolean to disable the creation of new service accounts.
C
Use organization policy constraints/iam.disableServiceAccountKeyUpload boolean to disable the creation of new service accounts.
D
Use organization policy constraints/iam.disableServiceAccountCreation boolean to disable the creation of new service accounts.