Google Cloud Professional Cloud Security Engineer — Question 113

A service account key has been publicly exposed on multiple public code repositories. After reviewing the logs, you notice that the keys were used to generate short-lived credentials. You need to immediately remove access with the service account.

What should you do?

Answer options

• A. Delete the compromised service account.
• B. Disable the compromised service account key.
• C. Wait until the service account credentials expire automatically.
• D. Rotate the compromised service account key.

Correct answer: A

Explanation

Deleting the compromised service account is the most effective way to ensure that no further access can be obtained using the exposed key. Disabling the service account key would still leave the account intact and could allow for potential future misuse. Waiting for the credentials to expire is not a proactive measure and leaves the account vulnerable in the meantime. Rotating the key may not be sufficient if the account itself is compromised.