Google Cloud Professional Cloud Security Engineer — Question 54
You are a Security Administrator at your organization. You need to restrict service account creation capability within production environments. You want to accomplish this centrally across the organization. What should you do?
Answer options
- A. Use Identity and Access Management (IAM) to restrict access of all users and service accounts that have access to the production environment.
- B. Use organization policy constraints/iam.disableServiceAccountKeyCreation boolean to disable the creation of new service accounts.
- C. Use organization policy constraints/iam.disableServiceAccountKeyUpload boolean to disable the creation of new service accounts.
- D. Use organization policy constraints/iam.disableServiceAccountCreation boolean to disable the creation of new service accounts.
Correct answer: D
Explanation
The correct answer is D because the organization policy constraint 'constraints/iam.disableServiceAccountCreation' specifically prevents the creation of new service accounts across the organization. Options A, B, and C do not directly address the requirement to restrict the creation of service accounts. Option A focuses on IAM access restrictions for users and service accounts, while B and C disable service account key creation and key upload, which have no effect on the creation of service accounts themselves.