Google Cloud Professional Cloud Security Engineer — Question 255

Your team uses a service account to authenticate data transfers from a given Compute Engine virtual machine instance of to a specified Cloud Storage bucket. An engineer accidentally deletes the service account, which breaks application functionality. You want to recover the application as quickly as possible without compromising security.
What should you do?

Answer options

• A. Temporarily disable authentication on the Cloud Storage bucket.
• B. Use the undelete command to recover the deleted service account.
• C. Create a new service account with the same name as the deleted service account.
• D. Update the permissions of another existing service account and supply those credentials to the applications.

Correct answer: B

Explanation

The correct answer is B because using the undelete command allows you to recover the deleted service account, restoring the application's functionality without creating new accounts or altering permissions. Options A and C do not address the root cause of the issue, and option D could introduce security risks by modifying existing permissions, which is not ideal for a quick recovery.