Google Cloud Professional Cloud Security Engineer — Question 38
A company's application is deployed with a user-managed Service Account key. You want to use Google-recommended practices to rotate the key.
What should you do?
Answer options
- A. Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam-account=IAM_ACCOUNT.
- B. Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam-account=IAM_ACCOUNT --key=NEW_KEY.
- C. Create a new key, and use the new key in the application. Delete the old key from the Service Account.
- D. Create a new key, and use the new key in the application. Store the old key on the system as a backup key.
Correct answer: C
Explanation
The correct answer is C. Creating a new key, switching the application to it, and then deleting the old key from the Service Account follows best practice: only the current key stays in use by the application, and removing the old key reduces security risk. Answers A and B are incorrect because they do not follow the recommended manual process of key rotation. D is not advisable because storing the old key as a backup poses a security risk.