Exam Professional-Cloud-Security-Engineer Topic 1 Question 87 Discussion

Actual exam question for Google's Professional-Cloud-Security-Engineer exam
Question #: 87
Topic #: 1
Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed service account keys for projects in their organization. How should you enforce this?

Suggested Answer: C Vote an answer

https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys
"To prevent unnecessary usage of service account keys, use organization policy constraints: At the root of your organization's resource hierarchy, apply the Disable service account key creation and Disable service account key upload constraints to establish a default where service account keys are disallowed. When needed, override one of the constraints for selected projects to re-enable service account key creation or upload."

by Frederica at Jul 15, 2026, 03:02 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10