🔥 3-day streak
Professional Cloud Security Engineer148 / 152
Question 148 of 152
A company runs microservices on a GKE cluster in a project named prod-apps. Each microservice currently authenticates to Cloud Storage and Pub/Sub using a downloaded service account JSON key mounted as a Kubernetes secret. The security team wants to eliminate long-lived service account keys entirely while allowing each Kubernetes service account to map to a distinct Google service account with least-privilege access. What should you implement?
Reviewed for accuracy · Report an issueNext question