Google Cloud Professional Cloud Security Engineer Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the Google Cloud Professional Cloud Security Engineer Exam with our interactive quiz. Study with flashcards and multiple-choice questions, complete with hints and explanations. Ace your exam with confidence!

Practice this question and more.

To restrict service account creation capability in production environments centrally, what should be implemented?

IAM roles that limit account creation
Organization policy constraints
Billing alerts for account creation
Audit logs for service accounts

The correct answer is: Organization policy constraints

Implementing organization policy constraints is the most effective way to centrally control and restrict service account creation in production environments. Organization policies allow administrators to set specific rules and guardrails that apply across the entire Google Cloud organization, affecting all projects and resources within it. By using organization policy constraints, you can define precise parameters that dictate whether service accounts can be created, thus ensuring adherence to security and compliance mandates. This approach not only aids in maintaining a strict control over service account permissions but also helps prevent unauthorized or accidental service account creation, which could pose security risks. On the other hand, while IAM roles can influence access permissions and manage capabilities of users, they are not as effective for centralized policy enforcement regarding account creation. Similarly, billing alerts provide insight on spending but do not control or restrict actions related to account creation. Finally, audit logs are essential for monitoring and reviewing activities, but they do not prevent actions from occurring. Therefore, organization policy constraints directly address the need for controlled governance over service account lifecycle management.