Topic 1 Question 104
A third-party application needs to have a service account key to work properly. When you try to export the key from your cloud project, you receive an error: “The organization policy constraint iam.disableServiceAccounKeyCreation is enforced.” You need to make the third-party application work while following Google-recommended security practices.
What should you do?
Enable the default service account key, and download the key.
Remove the iam.disableServiceAccountKeyCreation policy at the organization level, and create a key.
Disable the service account key creation policy at the project's folder, and download the default key.
Add a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project, and create a key.
ユーザの投票
コメント(7)
I think D is better, you can disable the Org Policy only on the project in which the key is.
👍 4syslog2023/11/03- 正解だと思う選択肢: D
(D) is better choice, exemption of policy at Org level is always riskier than to exempt it at project level (B). But, for answer (D) - I'm assuming here rule means assigning tag.
👍 4bhunias2023/11/20 - 正解だと思う選択肢: B
Right answer
👍 3Jason_Cloud_at2023/10/25
シャッフルモード