Practice free →
HomeGCP Professional Cloud Architectcloudcomputinggcppcasecurity › Which GCP IAM feature lets a less-privileged use…

Which GCP IAM feature lets a less-privileged user temporarily assume the identity of a more-privileged service account WITHOUT having that account's key?

AGranting Owner to every user
BDisabling IAM
CService-account impersonation (via Service Account Token Creator role)
DSharing the service-account JSON key file
Answer & Solution
Correct answer: C. Service-account impersonation (via Service Account Token Creator role)
Service-account impersonation grants short-lived tokens via the Token Creator role (per the exam guide §3.1). The other options are textbook security antipatterns.
Solve this in the app — GCP Professional Cloud Architect practice & 24k+ MCQs →
Related questions