Topic 1 Question 116
Your organization is currently updating an existing corporate application that is running in another public cloud to access managed database services in Google Cloud. The application will remain in the other public cloud while the database is migrated to Google Cloud. You want to follow Google-recommended practices for authentication. You need to minimize user disruption during the migration. What should you do?
A. Use workload identity federation to impersonate a service account.
B. Ask existing users to set their Google password to match their corporate password.
C. Migrate the application to Google Cloud, and use Identity and Access Management (IAM).
D. Use Google Workspace Password Sync to replicate passwords into Google Cloud.
Comments (3)
- Option believed to be correct: A
With identity federation, you can use Identity and Access Management (IAM) to grant external identities IAM roles, including the ability to impersonate service accounts. This lets you access resources directly, using a short-lived access token, and eliminates the maintenance and security burden associated with service account keys.
👍 3 chelbsik 2022/12/26

A: Use workload identity ***** federation to impersonate a service account. Use identity federation to access resources from AWS, access resources from Microsoft Azure, access resources from an OIDC provider, or access resources from a SAML 2.0 provider. Learn how to manage workload identity pools using the Google Cloud CLI or the REST API.
👍 1 pk349 2022/12/24

A. Updating passwords represents user disruption. Eliminate B. Eliminate C for the same reason. D doesn’t make sense, leaves A. From Google’s documentation, “Traditionally, applications running outside Google Cloud can use service account keys to access Google Cloud resources. However, service account keys are powerful credentials, and can present a security risk if they are not managed correctly.
With identity federation, you can use Identity and Access Management (IAM) to grant external identities IAM roles, including the ability to impersonate service accounts. This approach eliminates the maintenance and security burden associated with service account keys.” https://cloud.google.com/iam/docs/workload-identity-federation
👍 1 dynamic_dba 2023/03/16
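
An added example, not part of the question or of any commenter's post: a Python check that separates a long-lived service account key file from a workload identity federation credential configuration and confirms the configuration exchanges its token at Google STS and then impersonates a service account. The project number, pool, provider and account names are constructed, AWS is assumed as the other public cloud, and only the default googleapis.com endpoints are accepted.

```python
import json
import re
from urllib.parse import urlparse

# Audience of a workload identity pool provider (project number, pool, provider).
AUDIENCE_RE = re.compile(
    r"^//iam\.googleapis\.com/projects/\d+/locations/global/"
    r"workloadIdentityPools/[a-z0-9-]+/providers/[a-z0-9-]+$")

def audit_credential_config(raw: str) -> list[str]:
    """Return findings for a Google credential JSON document; [] means it passes."""
    cfg = json.loads(raw)
    if cfg.get("type") == "service_account" or "private_key" in cfg:
        return ["long-lived service account key; use workload identity federation"]
    if cfg.get("type") != "external_account":
        return [f"unexpected credential type: {cfg.get('type')!r}"]
    findings = []
    if not AUDIENCE_RE.match(cfg.get("audience", "")):
        findings.append("audience is not a workload identity pool provider")
    # Assumption: default googleapis.com endpoints (no regional or custom domains).
    sts = urlparse(cfg.get("token_url", ""))
    if (sts.scheme, sts.hostname) != ("https", "sts.googleapis.com"):
        findings.append("token_url is not the Google STS endpoint")
    imp = urlparse(cfg.get("service_account_impersonation_url", ""))
    if (imp.scheme, imp.hostname) != ("https", "iamcredentials.googleapis.com"):
        findings.append("no service account impersonation via iamcredentials.googleapis.com")
    elif not imp.path.endswith(":generateAccessToken"):
        findings.append("impersonation URL does not mint a short-lived access token")
    return findings

# Constructed samples: project number, pool, provider and account names are made up,
# and AWS is assumed as the other public cloud.
FEDERATED = json.dumps({
    "type": "external_account",
    "audience": "//iam.googleapis.com/projects/123456789012/locations/global/"
                "workloadIdentityPools/example-pool/providers/example-aws",
    "subject_token_type": "urn:ietf:params:aws:token-type:aws4_request",
    "token_url": "https://sts.googleapis.com/v1/token",
    "service_account_impersonation_url":
        "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
        "db-client@example-project.iam.gserviceaccount.com:generateAccessToken",
    "credential_source": {"environment_id": "aws1"},
})
KEY_FILE = json.dumps({"type": "service_account", "private_key": "CONSTRUCTED-PLACEHOLDER"})

if __name__ == "__main__":
    for name, doc in (("federated", FEDERATED), ("key file", KEY_FILE)):
        print(name, "->", audit_credential_config(doc) or "ok")
```

Running such a check over the credential files an application ships with shows at a glance which deployments still depend on exported keys.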