Google Professional Cloud Security Engineer Exam - Topic 4 Question 52 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 52
Topic #: 4

[All Professional Cloud Security Engineer Questions]

You plan to deploy your cloud infrastructure using a CI/CD cluster hosted on Compute Engine. You want to minimize the risk of its credentials being stolen by a third party. What should you do?

ACreate a dedicated Cloud Identity user account for the cluster. Use a strong self-hosted vault solution to store the user's temporary credentials.

BCreate a dedicated Cloud Identity user account for the cluster. Enable the constraints/iam.disableServiceAccountCreation organization policy at the project level.

CCreate a custom service account for the cluster Enable the constraints/iam.disableServiceAccountKeyCreation organization policy at the project level.

DCreate a custom service account for the cluster Enable the constraints/iam.allowServiceAccountCredentialLifetimeExtension organization policy at the project level.

Show Suggested Answer

Suggested Answer: D

by Arlette at Aug 20, 2022, 04:15 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Galen

4 months ago

Wait, can you really extend service account credentials like that? Sounds sketchy!

upvoted 0 times

...

Kristel

4 months ago

D? Really? That seems risky to me.

upvoted 0 times

...

Marguerita

4 months ago

C seems like the right choice, but I'm not sure about the policy implications.

upvoted 0 times

...

Phil

4 months ago

I think B is better, disabling service account creation is crucial.

upvoted 0 times

...

Ettie

4 months ago

Option A sounds solid, strong vaults are key!

upvoted 0 times

...

Blondell

5 months ago

I vaguely remember something about disabling service account key creation being a good practice. So, option C might be the safest bet, right?

upvoted 0 times

...

Elza

5 months ago

I practiced a similar question where we had to choose between service accounts and user accounts. I feel like option C might be the right approach, but I’m a bit hesitant.

upvoted 0 times

...

Lindy

5 months ago

I think option A sounds familiar, but I can't recall if using a self-hosted vault is really necessary for this scenario.

upvoted 0 times

...

Octavio

5 months ago

I remember we discussed the importance of using service accounts for better security, but I'm not sure if option C is the best choice here.

upvoted 0 times

...

Elza

5 months ago

I've got a good handle on this topic, so I'm confident I can nail this question. The reverse repo rate is determined by the central bank, not market forces, so A is wrong. B is the right answer.

upvoted 0 times

...

An

5 months ago

This looks straightforward, I'll go with Demographic since that's about the social background and age profile of the target audience.

upvoted 0 times

...

Chandra

5 months ago

I'm pretty sure the special folder permission is "Write". That allows you to create, modify, and delete files in the folder, which seems like the most comprehensive permission.

upvoted 0 times

...

Quentin

5 months ago

Hmm, I'm not totally sure about this one. I'll need to think it through carefully. The wording is a bit tricky.

upvoted 0 times

...

Bonita

5 months ago

This question seems straightforward, but I want to make sure I understand the concepts correctly before selecting an answer.

upvoted 0 times

...