
Google Professional Cloud Security Engineer Exam - Topic 4 Question 88 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 88
Topic #: 4

You are developing a new application that uses exclusively Compute Engine VMs. Once a day, this application will execute five different batch jobs. Each of the batch jobs requires a dedicated set of permissions on Google Cloud resources outside of your application. You need to design a secure access concept for the batch jobs that adheres to the least-privilege principle.

What should you do?

Suggested Answer: B

Berry
3 months ago
B is definitely the way to go for managing permissions effectively.
upvoted 0 times
...
Bobbye
3 months ago
A is too broad; we need more specific permissions.
upvoted 0 times
...
Chantay
4 months ago
Surprised that D suggests storing keys in Secret Manager.
upvoted 0 times
...
Derrick
4 months ago
I disagree, C has better security with workload identity.
upvoted 0 times
...
Beatriz
4 months ago
Option B seems like the best choice for least privilege.
upvoted 0 times
...
Lorenza
4 months ago
I feel like option D might be risky since it involves generating service account keys. I remember we talked about avoiding long-lived credentials.
upvoted 0 times
...
Marylin
5 months ago
I’m a bit confused about the workload identity pool in option C. I don’t recall how that works in relation to service accounts.
upvoted 0 times
...
Kimbery
5 months ago
I think option B sounds familiar because it involves creating separate service accounts for each job, which seems like a good way to limit permissions.
upvoted 0 times
...
Nilsa
5 months ago
I remember we discussed the importance of the least-privilege principle in our last class, but I'm not sure which option best implements that here.
upvoted 0 times
...
Hermila
5 months ago
I think option B is the way to go. Creating individual service accounts for each batch job and using a general service account to orchestrate them seems like the most straightforward and secure approach.
upvoted 0 times
...
Gracia
5 months ago
I like the idea of using Secret Manager to store the service account keys in option D. That adds an extra layer of security, and it's still following the least-privilege principle.
upvoted 0 times
...
Joaquin
5 months ago
I'm a bit confused about the workload identity pool option. Can that really be the most secure approach here? I'm not sure I fully understand how that would work.
upvoted 0 times
...
Leonardo
5 months ago
This question seems straightforward, but I want to make sure I understand the requirements correctly. Adhering to the least-privilege principle is key here.
upvoted 0 times
...
Gail
5 months ago
Okay, let me think this through. We need to design a secure access concept for the batch jobs, and the question mentions using service accounts. I'm leaning towards option B, as it seems to follow the least-privilege principle.
upvoted 0 times
...
Clare
5 months ago
I'm a little unsure about this question. There are a few different approaches, and I want to make sure I understand the implications of each one. I'll need to carefully review the options and think through the potential pros and cons before making a decision.
upvoted 0 times
...
Quentin
1 year ago
I'm just glad they didn't include an option that involves manually editing a 500-line YAML file. That's the kind of thing that keeps me up at night.
upvoted 0 times
...
Darell
1 year ago
Is it just me, or does this question sound like it was written by a robot? I'm half-expecting the correct answer to be 'All of the above'.
upvoted 0 times
...
Raylene
1 year ago
I prefer option D. Storing service account keys in Secret Manager adds an extra layer of security.
upvoted 0 times
...
Melissa
1 year ago
Option D with the service account keys stored in Secret Manager is an interesting approach, but it feels a bit more complex than the other options. I'm not sure it's necessary for this use case.
upvoted 0 times
Olga
1 year ago
Option D does seem a bit complex with storing service account keys in Secret Manager, but it could provide an extra layer of security for the batch jobs.
upvoted 0 times
...
Destiny
1 year ago
I agree, Option B with individual service accounts for each batch job and using short-lived access tokens seems like a secure way to adhere to the least-privilege principle.
upvoted 0 times
...
Emmanuel
1 year ago
Option A seems like a simple solution to grant permissions to a general service account for executing batch jobs.
upvoted 0 times
...
...
Rochell
1 year ago
I agree with Julene. Option B ensures least-privilege access for each batch job.
upvoted 0 times
...
Valene
1 year ago
I like how option C uses workload identity pools to manage the permissions for each batch job. That seems like a really elegant and scalable solution.
upvoted 0 times
Deeanna
1 year ago
I think option C is the way to go for secure access to the batch jobs.
upvoted 0 times
...
Mose
1 year ago
It's definitely an elegant way to handle permissions for each batch job.
upvoted 0 times
...
Bette
1 year ago
I agree, using workload identity pools seems like a scalable solution for managing permissions.
upvoted 0 times
...
Mattie
1 year ago
Option C sounds like a great choice for managing permissions with workload identity pools.
upvoted 0 times
...
Nicholle
1 year ago
It's important to follow the least-privilege principle when designing access for batch jobs. Option C seems to do that effectively.
upvoted 0 times
...
Sabra
1 year ago
I agree, using workload identity pools seems like a secure and scalable solution for managing permissions.
upvoted 0 times
...
Precious
1 year ago
Option C is indeed a great choice. Workload identity pools make it easy to manage permissions for each batch job.
upvoted 0 times
...
...
Julianna
1 year ago
Option B looks like the way to go. Creating individual service accounts for each batch job and using a general service account to orchestrate them seems like a good way to follow the least-privilege principle.
upvoted 0 times
Anastacia
1 year ago
Using a general service account to obtain short-lived access tokens for the individual batch job service accounts adds an extra layer of security to the process.
upvoted 0 times
...
Veronica
1 year ago
It's a good practice to limit access to only what is needed for each job. This way, you reduce the risk of unauthorized access to other resources.
upvoted 0 times
...
Abraham
1 year ago
I agree, having separate service accounts for each batch job ensures that only the necessary permissions are granted for each specific task.
upvoted 0 times
...
Herschel
1 year ago
Option B looks like the way to go. Creating individual service accounts for each batch job and using a general service account to orchestrate them seems like a good way to follow the least-privilege principle.
upvoted 0 times
...
...
Julene
1 year ago
I think option B is the best choice. It allows for individual permissions for each batch job.
upvoted 0 times
...
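
The design several commenters describe for option B (one service account per batch job, with a general service account obtaining short-lived tokens for them) can be checked against exported IAM policy data. The following is an added example, not part of the original discussion or of any Google tooling; the project, account names, sample policies and the set of roles flagged as too broad are constructed assumptions.

```python
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
# Assumption of this example: project-level roles treated as too broad
# for the VM's (orchestrating) service account.
BROAD = {TOKEN_CREATOR, "roles/iam.serviceAccountUser", "roles/owner", "roles/editor"}

def members_with(policy, role):
    """Members bound to `role` in an IAM policy dict ({"bindings": [...]})."""
    return {m for b in policy.get("bindings", []) if b["role"] == role
            for m in b["members"]}

def audit(project_policy, sa_policies, sa_keys, orchestrator, job_sas):
    """Return a list of findings; an empty list means the design holds."""
    orch = f"serviceAccount:{orchestrator}"
    findings = []
    # A project-level impersonation or primitive role lets the VM's account
    # act as every service account in the project, not just the batch jobs.
    for role in sorted(BROAD):
        if orch in members_with(project_policy, role):
            findings.append(f"orchestrator holds {role} at project level")
    for sa in job_sas:
        # Token Creator must be granted on each job account's own policy.
        if orch not in members_with(sa_policies.get(sa, {}), TOKEN_CREATOR):
            findings.append(f"orchestrator cannot mint tokens for {sa}")
        # Exported keys are long-lived; short-lived tokens replace them.
        if any(k["keyType"] == "USER_MANAGED" for k in sa_keys.get(sa, [])):
            findings.append(f"{sa} has a user-managed key")
    return findings

# Constructed sample data (hypothetical project and account names).
ORCH = "batch-runner@example-project.iam.gserviceaccount.com"
JOBS = [f"batch-job-{i}@example-project.iam.gserviceaccount.com" for i in range(1, 6)]
GRANT = {"bindings": [{"role": TOKEN_CREATOR, "members": [f"serviceAccount:{ORCH}"]}]}

GOOD = {
    "project_policy": {"bindings": [{"role": "roles/storage.objectViewer",
                                     "members": [f"serviceAccount:{JOBS[0]}"]}]},
    "sa_policies": {sa: GRANT for sa in JOBS},
    "sa_keys": {sa: [{"keyType": "SYSTEM_MANAGED"}] for sa in JOBS},
}
BAD = {
    "project_policy": GRANT,                        # impersonate-anything grant
    "sa_policies": {sa: GRANT for sa in JOBS[:4]},  # fifth job not wired up
    "sa_keys": {JOBS[0]: [{"keyType": "USER_MANAGED"}]},
}

if __name__ == "__main__":
    for name, data in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(orchestrator=ORCH, job_sas=JOBS, **data))
```
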