Medium · 1 mark · Multiple Choice
Tags: Domain 5.2, Service Accounts, Security, Keys

GCP ACE · Question 47 · Domain 5.2: Managing service accounts

You have an application running on-premises (outside of GCP) that needs to write data to Cloud Pub/Sub. You have created a service account for this application and generated a JSON key file.

Which TWO practices should you follow to secure this service account key? (Select TWO)

Answer options:

A. Commit the JSON key to your Git repository so the application can always find it.

B. Store the JSON key securely (e.g., in a secret manager) and restrict access to it.

C. Implement a process to regularly rotate the service account keys.

D. Assign the 'Owner' role to the service account so it doesn't face permission errors.

E. Disable the service account when the application is running.

How to approach this question

Identify standard security best practices for managing static credentials.

Full Answer

B. Store the JSON key securely (e.g., in a secret manager) and restrict access to it.
C. Implement a process to regularly rotate the service account keys.

Service account JSON keys are long-lived, static credentials. If leaked, anyone can use them to access your GCP resources. Therefore, they must be stored securely (never in source code) and rotated regularly (creating a new key, updating the app, and deleting the old key) to minimize security risks.

Common mistakes

Thinking it's acceptable to hardcode keys in applications or source control.
