GCP Professional Cloud Security Engineer Practice Question

Your organization uses a shared "dev-tools" project where several teams previously launched Compute Engine instances with the project's default service account. A recent audit shows the default service account is no longer attached to any running VM instances, but you are unsure whether some forgotten scripts or instance templates might still depend on it. As the security engineer, what action best reduces the risk of the account's broad permissions while still allowing you to recover quickly if an undiscovered dependency surfaces?

  • Leave the account active and grant project editors the Service Account Admin role so they can fix issues if something breaks.

  • Disable the default service account while leaving its existing IAM role bindings intact so you can quickly re-enable it if a hidden dependency appears.

  • Keep the service account enabled but rotate any user-managed keys monthly and rely on audit logs to detect misuse.

  • Permanently delete the default service account after exporting any user-managed keys, then recreate it if failures occur.

GCP Professional Cloud Security Engineer
Configuring Access