Topic 1 Question 95

Professional Cloud Security Engineer

Topic 1 Question 95
You are a Security Administrator at your organization. You need to restrict service account creation capability within production environments. You want to accomplish this centrally across the organization. What should you do?
- Use Identity and Access Management (IAM) to restrict access of all users and service accounts that have access to the production environment.
- Use organization policy constraints/iam.disableServiceAccountKeyCreation boolean to disable the creation of new service accounts.
- Use organization policy constraints/iam.disableServiceAccountKeyUpload boolean to disable the creation of new service accounts.
- Use organization policy constraints/iam.disableServiceAccountCreation boolean to disable the creation of new service accounts.
解説
Reference: https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts

ユーザの投票
コメント(7)
- Answer is (D).
  
  You can use the iam.disableServiceAccountCreation boolean constraint to disable the creation of new service accounts. This allows you to centralize management of service accounts while not restricting the other permissions your developers have on projects. https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts#disable_service_account_creation
  
  👍 8
  Tabayashi2022/04/28
- 正解だと思う選択肢: D
  D is the answer.
  
  👍 1
  zellck2022/09/29
- 正解だと思う選択肢: D
  D. Use organization policy constraints/iam.disableServiceAccountCreation boolean to disable the creation of new service accounts.
  
  👍 1
  AwesomeGCP2022/10/07
シャッフルモード

解説

ユーザの投票

コメント(7)