Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 4 Question 52 Discussion

You plan to deploy your cloud infrastructure using a CI/CD cluster hosted on Compute Engine. You want to minimize the risk of its credentials being stolen by a third party. What should you do?
D) Create a custom service account for the cluster Enable the constraints/iam.allowServiceAccountCredentialLifetimeExtension organization policy at the project level.
A) Create a dedicated Cloud Identity user account for the cluster. Use a strong self-hosted vault solution to store the user's temporary credentials.
B) Create a dedicated Cloud Identity user account for the cluster. Enable the constraints/iam.disableServiceAccountCreation organization policy at the project level.
C) Create a custom service account for the cluster Enable the constraints/iam.disableServiceAccountKeyCreation organization policy at the project level.

Google Professional Cloud Security Engineer Exam - Topic 4 Question 52 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 52
Topic #: 4
[All Professional Cloud Security Engineer Questions]

You plan to deploy your cloud infrastructure using a CI/CD cluster hosted on Compute Engine. You want to minimize the risk of its credentials being stolen by a third party. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Arlette at Aug 20, 2022, 04:15 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Galen
7 months ago
Wait, can you really extend service account credentials like that? Sounds sketchy!
upvoted 0 times
...
Kristel
7 months ago
D? Really? That seems risky to me.
upvoted 0 times
...
Marguerita
7 months ago
C seems like the right choice, but I'm not sure about the policy implications.
upvoted 0 times
...
Phil
8 months ago
I think B is better, disabling service account creation is crucial.
upvoted 0 times
...
Ettie
8 months ago
Option A sounds solid, strong vaults are key!
upvoted 0 times
...
Blondell
8 months ago
I vaguely remember something about disabling service account key creation being a good practice. So, option C might be the safest bet, right?
upvoted 0 times
...
Elza
8 months ago
I practiced a similar question where we had to choose between service accounts and user accounts. I feel like option C might be the right approach, but I’m a bit hesitant.
upvoted 0 times
...
Lindy
8 months ago
I think option A sounds familiar, but I can't recall if using a self-hosted vault is really necessary for this scenario.
upvoted 0 times
...
Octavio
8 months ago
I remember we discussed the importance of using service accounts for better security, but I'm not sure if option C is the best choice here.
upvoted 0 times
...
Elza
8 months ago
I've got a good handle on this topic, so I'm confident I can nail this question. The reverse repo rate is determined by the central bank, not market forces, so A is wrong. B is the right answer.
upvoted 0 times
...
An
8 months ago
This looks straightforward, I'll go with Demographic since that's about the social background and age profile of the target audience.
upvoted 0 times
...
Chandra
8 months ago
I'm pretty sure the special folder permission is "Write". That allows you to create, modify, and delete files in the folder, which seems like the most comprehensive permission.
upvoted 0 times
...
Quentin
8 months ago
Hmm, I'm not totally sure about this one. I'll need to think it through carefully. The wording is a bit tricky.
upvoted 0 times
...
Bonita
8 months ago
This question seems straightforward, but I want to make sure I understand the concepts correctly before selecting an answer.
upvoted 0 times
...

Save Cancel