Google Cloud Professional Cloud Security Engineer Practice Exam


Prepare for the Google Cloud Professional Cloud Security Engineer Exam with our interactive quiz. Study with flashcards and multiple-choice questions, complete with hints and explanations. Ace your exam with confidence!



If a service account key has been compromised, what should be the immediate action to secure access?

  1. Rotate the API keys

  2. Delete the compromised service account

  3. Revoke all OAuth tokens

  4. Notify all team members of the breach

The correct answer is: Delete the compromised service account

The most effective immediate action to take when a service account key has been compromised is to delete the compromised service account. This step ensures that any unauthorized access through the compromised key is completely stopped, thereby eliminating the risk of further exploitation. Deleting the service account removes its credentials from circulation, effectively severing any existing connections that might be established with systems or services. Additionally, this action helps prevent the malicious actor from retaining any ongoing access that could result in unauthorized data manipulation or exfiltration.

While other actions such as rotating API keys, revoking OAuth tokens, or notifying team members may be part of a broader response plan, they do not immediately eliminate the risk associated with the compromised credentials. Rotating API keys can be helpful, but if the service account itself remains intact, there is still a risk of misuse. Revoking OAuth tokens can disrupt access but does not address the underlying issue of the compromised account. Notifying team members is crucial for awareness and response but does not provide direct mitigation of the immediate threat. Thus, deleting the compromised service account is the priority action that directly addresses the security breach.