Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Google Exam Professional-Cloud-Security-Engineer Topic 4 Question 88 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 88
Topic #: 4
[All Professional Cloud Security Engineer Questions]

You are developing a new application that uses exclusively Compute Engine VMs Once a day. this application will execute five different batch jobs Each of the batch jobs requires a dedicated set of permissions on Google Cloud resources outside of your application. You need to design a secure access concept for the batch jobs that adheres to the least-privilege principle

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Eric at Sep 14, 2024, 04:00 AM

Limited Time Offer

25%

Off

Get Premium Professional-Cloud-Security-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Quentin
11 hours ago
I'm just glad they didn't include an option that involves manually editing a 500-line YAML file. That's the kind of thing that keeps me up at night.
upvoted 0 times
...
Darell
1 days ago
Is it just me, or does this question sound like it was written by a robot? I'm half-expecting the correct answer to be 'All of the above'.
upvoted 0 times
...
Raylene
3 days ago
I prefer option D. Storing service account keys in Secret Manager adds an extra layer of security.
upvoted 0 times
...
Melissa
4 days ago
Option D with the service account keys stored in Secret Manager is an interesting approach, but it feels a bit more complex than the other options. I'm not sure it's necessary for this use case.
upvoted 0 times
...
Rochell
6 days ago
I agree with Julene. Option B ensures least-privilege access for each batch job.
upvoted 0 times
...
Valene
11 days ago
I like how option C uses workload identity pools to manage the permissions for each batch job. That seems like a really elegant and scalable solution.
upvoted 0 times
Sabra
6 days ago
I agree, using workload identity pools seems like a secure and scalable solution for managing permissions.
upvoted 0 times
...
Precious
7 days ago
Option C is indeed a great choice. Workload identity pools make it easy to manage permissions for each batch job.
upvoted 0 times
...
...
Julianna
22 days ago
Option B looks like the way to go. Creating individual service accounts for each batch job and using a general service account to orchestrate them seems like a good way to follow the least-privilege principle.
upvoted 0 times
Anastacia
1 days ago
Using a general service account to obtain short-lived access tokens for the individual batch job service accounts adds an extra layer of security to the process.
upvoted 0 times
...
Veronica
5 days ago
It's a good practice to limit access to only what is needed for each job. This way, you reduce the risk of unauthorized access to other resources.
upvoted 0 times
...
Abraham
11 days ago
I agree, having separate service accounts for each batch job ensures that only the necessary permissions are granted for each specific task.
upvoted 0 times
...
Herschel
12 days ago
Option B looks like the way to go. Creating individual service accounts for each batch job and using a general service account to orchestrate them seems like a good way to follow the least-privilege principle.
upvoted 0 times
...
...
Julene
23 days ago
I think option B is the best choice. It allows for individual permissions for each batch job.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77