Practice Test 2 | Google Cloud Certified Professional Cloud Security Engineer | Dumps | Mock Test
The Compute Engine instances in your company’s Google project use Service Accounts to authenticate with other services. You have been tasked with managing the rotation of the Service Account keys.
Which of the following is NOT part of the process for rotating Service Account keys?
A. Create a Service Account Key.
B. Updating the permissions on the existing Service Account key.
C. Switch the applications to utilize the new Service Account key.
D. Delete the old Service Account key.
Correct Answer: B
- Option A is incorrect. Creating a new key is the first step in the rotation of the Service Account keys.
- Option B is CORRECT. Updating the keys in the existing Service Account is not necessary as the key is supposed to be destroyed after the applications have been switched to the new keys.
- Option C is incorrect. Switching the applications to a new key is needed for rotation to be complete.
- Option D is incorrect. It is the best practice to delete keys that are no longer in use to reduce any security risk.
References:
Comments are closed, but trackbacks and pingbacks are open.