Practice Test 1 | Google Cloud Certified Professional Cloud Architect | Dumps | Mock Test
Which of the following are the best practices recommended by Google Cloud when dealing with service Accounts. Select 3 relevant options
A. Grant the service account full set of permissions
B. Do not delete service accounts that are in use by running instances on Google App Engine or Google Compute Engine
C. Grant serviceAccountUser role to all the users in the organization.
D. Use the display name of a service account to keep track of the service accounts. When you create a service account, populate its display name with the purpose of the service account.
E. Create service accounts for each service with only the permissions required for that service.
Answer: Option B, D & E are the CORRECT choices.
Option A is INCORRECT because always grant the service account only the minimum set of permissions required to achieve their goal.
Option C is INCORRECT because always restrict who can act as service accounts. Users who are Service Account Users for a service account can indirectly access all the resources the service account has access to. Therefore, be cautious when granting the serviceAccountUser role to a user.
Comments are closed, but trackbacks and pingbacks are open.