Topic 1 Question 157
You are designing a new Google Cloud organization for a client. Your client is concerned with the risks associated with long-lived credentials created in Google Cloud. You need to design a solution to completely eliminate the risks associated with the use of JSON service account keys while minimizing operational overhead. What should you do?
A. Apply the constraints/iam.disableServiceAccountKeyCreation constraint to the organization.
B. Use custom versions of predefined roles to exclude all iam.serviceAccountKeys.* service account role permissions.
C. Apply the constraints/iam.disableServiceAccountKeyUpload constraint to the organization.
D. Grant the roles/iam.serviceAccountKeyAdmin IAM role to organization administrators only.
Comments (4)
- Answer I think is correct: A
constraints/iam.disableServiceAccountKeyCreation
👍 3 koo_kai 2023/10/28
- Answer I think is correct: A
"You can use the iam.disableServiceAccountKeyCreation boolean constraint to disable the creation of new external service account keys. This allows you to control the use of unmanaged long-term credentials for service accounts. When this constraint is set, user-managed credentials cannot be created for service accounts in projects affected by the constraint."
👍 2 lelele2023 2023/11/01
- Answer I think is correct: A
You can use the iam.disableServiceAccountCreation boolean constraint to disable the creation of new service accounts. This allows you to centralize management of service accounts while not restricting the other permissions your developers have on projects.
👍 2 mshafa 2023/11/04