Topic 1 Question 187
A service account key has been publicly exposed on multiple public code repositories. After reviewing the logs, you notice that the keys were used to generate short-lived credentials. You need to immediately remove access with the service account.
What should you do?
Delete the compromised service account.
Disable the compromised service account key.
Wait until the service account credentials expire automatically.
Rotate the compromised service account key.
ユーザの投票
コメント(7)
- 正解だと思う選択肢: A
Normally you would just choose (D) to not break the business continuity. But in this case, when short-lived credentials are created you need to disable/delete service account (disabling service account key doesn't revoke short-lived credentials)
https://cloud.google.com/iam/docs/keys-disable-enable#disabling
👍 10a190d622023/08/03 - 正解だと思う選択肢: A
I choose option A. Disabling a service account key does not revoke short-lived credentials that were issued based on the key. To revoke a compromised short-lived credential, must delete the service account that the credential represents. If you do so, any workload that uses the service account will immediately lose access to your resources.
👍 3ymkk2023/08/17 Why not B?
👍 2Sanjana20202023/08/03
シャッフルモード