Google Cloud Professional Cloud Security Engineer — Question 139

After completing a security vulnerability assessment, you learned that cloud administrators leave Google Cloud CLI sessions open for days. You need to reduce the risk of attackers who might exploit these open sessions by setting these sessions to the minimum duration.

What should you do?

Answer options

• A. Set the session duration for the Google session control to one hour.
• B. Set the reauthentication frequency for the Google Cloud Session Control to one hour.
• C. Set the organization policy constraint constraints/iam.allowServiceAccountCredentialLifetimeExtension to one hour.
• D. Set the organization policy constraint constraints/iam.serviceAccountKeyExpiryHours to one hour and inheritFromParent to false.

Correct answer: B

Explanation

The correct answer is B because adjusting the reauthentication frequency helps to ensure that sessions are refreshed regularly, reducing the exposure time for potential attackers. Option A addresses session duration but does not specifically target reauthentication, while options C and D relate to service account key management rather than directly controlling session duration or security.