
Google Exam Professional Cloud Security Engineer Topic 1 Question 98 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 98
Topic #: 1

You are developing a new application that uses exclusively Compute Engine VMs. Once a day, this application will execute five different batch jobs. Each of the batch jobs requires a dedicated set of permissions on Google Cloud resources outside of your application. You need to design a secure access concept for the batch jobs that adheres to the least-privilege principle.

What should you do?

Suggested Answer: B

Contribute your Thoughts:

Keith
4 hours ago
I'm surprised Option A is even an option. Using a single general service account with all the required permissions is definitely not adhering to the least-privilege principle. That's like handing out the keys to the kingdom!
upvoted 0 times
...
Susana
3 days ago
I'm not sure, but option C also seems like a good choice with workload identity pool. It's a tough decision.
upvoted 0 times
...
Frankie
12 days ago
I agree with Lettie. Option B also uses short-lived access tokens, which adds an extra layer of security.
upvoted 0 times
...
Lettie
14 days ago
I think option B is the best choice. It creates separate service accounts for each batch job, ensuring least-privilege access.
upvoted 0 times
...
Dahlia
19 days ago
Option D with storing the service account keys in Secret Manager is a good way to keep the credentials secure, but it might be a bit more complicated to manage compared to the other options.
upvoted 0 times
...
Lucy
20 days ago
I like the idea of using workload identity pools and providers in Option C. It seems like a more scalable and flexible solution, especially if you have a lot of batch jobs or need to add more in the future.
upvoted 0 times
...
Ashanti
22 days ago
Option B seems like the most secure and least-privileged approach. Using a general service account to orchestrate and obtain short-lived access tokens for the individual batch job service accounts is a smart way to minimize the attack surface.
upvoted 0 times
Kenneth
10 days ago
Agreed, creating individual service accounts for each batch job and using short-lived access tokens is a good way to limit access.
upvoted 0 times
...
Thurman
17 days ago
Option B seems like the most secure and least-privileged approach.
upvoted 0 times
...
...
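
The design the comments above describe (one service account per batch job, with a general account that obtains short-lived tokens for each) only holds if the IAM bindings actually match it. As an added example that is not part of the original page, this Python check audits constructed IAM policy data for that layout; the project name, account emails and the `audit` helper are assumptions, and only three of the five jobs are shown.

```python
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
BROAD_ROLES = {"roles/owner", "roles/editor"}

def members_with(policy, role):
    """Members bound to `role` in an IAM policy dict ({"bindings": [...]})."""
    return {m for b in policy.get("bindings", []) if b["role"] == role
            for m in b["members"]}

def roles_of(policy, member):
    """Roles that `member` holds in an IAM policy dict."""
    return {b["role"] for b in policy.get("bindings", []) if member in b["members"]}

def audit(project_policy, sa_policies, orchestrator, job_sas):
    """Return findings where the bindings break the per-job impersonation design."""
    findings = []
    orch = f"serviceAccount:{orchestrator}"
    # Project-level Token Creator covers every service account in the project.
    if orch in members_with(project_policy, TOKEN_CREATOR):
        findings.append(f"{orchestrator}: Token Creator granted project-wide")
    for sa in job_sas:
        impersonators = members_with(sa_policies.get(sa, {}), TOKEN_CREATOR)
        if orch not in impersonators:
            findings.append(f"{sa}: orchestrator cannot mint tokens for it")
        for extra in sorted(impersonators - {orch}):
            findings.append(f"{sa}: unexpected impersonator {extra}")
        held = roles_of(project_policy, f"serviceAccount:{sa}")
        for role in sorted(held & BROAD_ROLES):
            findings.append(f"{sa}: broad role {role}")
    return findings

# Constructed sample data (hypothetical project and accounts, three jobs shown).
DOMAIN = "example-project.iam.gserviceaccount.com"
ORCH = f"orchestrator@{DOMAIN}"
JOBS = [f"job-{n}@{DOMAIN}" for n in ("a", "b", "c")]
PROJECT_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer", "members": [f"serviceAccount:{JOBS[0]}"]},
    {"role": "roles/bigquery.dataViewer", "members": [f"serviceAccount:{JOBS[1]}"]},
    {"role": "roles/editor", "members": [f"serviceAccount:{JOBS[2]}"]},
]}
GRANT = {"role": TOKEN_CREATOR, "members": [f"serviceAccount:{ORCH}"]}
SA_POLICIES = {
    JOBS[0]: {"bindings": [GRANT]},
    JOBS[1]: {"bindings": [{"role": TOKEN_CREATOR,
                            "members": [f"serviceAccount:{ORCH}", "user:dev@example.com"]}]},
}  # job-c has no resource policy at all

if __name__ == "__main__":
    for finding in audit(PROJECT_POLICY, SA_POLICIES, ORCH, JOBS):
        print(finding)
```

In practice the policy dictionaries would come from the project's and each service account's exported IAM policy rather than inline literals.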
