Practice Test 1 | Google Cloud Certified Professional Cloud Architect | Dumps | Mock Test

Answer: Option B is the CORRECT because, creating service accounts for each service with only the permissions required for that service is the best practice, even if the employee leaves the organization other employees can use the service account .

Option A is INCORRECT because Service Account is used to give permission to Application or VMs.

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs so that the users aren’t directly involved. With Admin access, the employees will be able to create Compute Engine instances which runs the service account, connect to them, and use the service account to start the job. So in nutshell,admin empowers to effectively run code as the service accounts used to run these instances, and indirectly gain access to all the resources for which the service accounts has access.

Option  C is INCORRECT because Granting the service account only the minimum set of permissions required to achieve their goal is the best practice.

Option D is INCORRECT because Google Managed service accounts are created and owned by Google. These accounts represent different Google services and each account is automatically granted IAM roles to access your GCP project. This service account is designed specifically to run internal Google processes on your behalf and is not listed in the Service Accounts section of GCP Console.

More reading at https://cloud.google.com/iam/docs/understanding-service-accounts