Google Cloud Professional Cloud Security Engineer Practice Exam

What should be done after a service account is accidentally deleted to recover application functionality quickly?

• A. Restore the entire project from backup
• B. Use the undelete command to recover the service account
• C. Manually recreate the service account and reassign roles
• D. Request a new service account from Google support

The correct answer is: Use the undelete command to recover the service account

Using the undelete command to recover the service account is the most efficient way to restore application functionality. When a service account is deleted, Google Cloud provides a built-in mechanism to recover that service account within a specific grace period, allowing for a quick recovery without having to redeploy resources or reconfigure services tied to that account. This is particularly advantageous as it minimizes downtime and the potential for configuration errors that could occur if the account were manually recreated. Restoring the entire project from backup may seem like a comprehensive approach, but it is often unnecessary and disruptive because it involves reverting all aspects of the project, not just the service account. This could introduce more issues than it resolves, especially if other configurations and resources have changed since the last backup. Manually recreating the service account and reassigning roles would involve additional steps and is more time-consuming compared to simply using the undelete command. This process also carries the risk of configuration drift, as it's possible to overlook some roles or settings initially assigned to the deleted account. Requesting a new service account from Google support is a last resort and could lead to significant delays in recovery efforts. It is not a practical solution for swift operational continuity, as it typically involves waiting for a response from support teams.