New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 2 Question 97 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 97
Topic #: 2
[All Professional Cloud Security Engineer Questions]

An organization's typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review.

How should you advise this organization?

Show Suggested Answer Hide Answer
Suggested Answer: C, D

https://cloud.google.com/confidential-computing/confidential-vm/docs/creating-cvm-instance#considerations

Confidential VM does not support live migration. You can only enable Confidential Computing on a VM when you first create the instance. https://cloud.google.com/confidential-computing/confidential-vm/docs/creating-cvm-instance


by Nydia at Jan 23, 2025, 11:17 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ruby
3 months ago
Surprised that no one mentioned the importance of manual reviews!
upvoted 0 times
...
Brittni
3 months ago
D sounds risky... free rein in GCP? Really?
upvoted 0 times
...
Hollis
3 months ago
A could work, but it might not catch everything.
upvoted 0 times
...
Teri
4 months ago
Totally agree with B! Infrastructure as code is the way to go.
upvoted 0 times
...
Lezlie
4 months ago
I think B is the best option for enforcing policies.
upvoted 0 times
...
Darrin
4 months ago
I think option D could lead to some risks. Allowing free rein in GCP without oversight seems like it could backfire. I’d lean towards something more structured.
upvoted 0 times
...
Ricki
4 months ago
Routing all traffic through customer-managed routers sounds like a good security measure, but I feel like it might complicate things. Not sure if C is the best approach.
upvoted 0 times
...
Nana
4 months ago
I'm not entirely sure about the specifics of Forseti, but I think it was mentioned in a practice question about monitoring configurations. Maybe A is worth considering?
upvoted 0 times
...
Pauline
5 months ago
I remember we discussed the importance of using infrastructure as code to streamline deployments. It seems like B could be the right choice.
upvoted 0 times
...
Kenny
5 months ago
This is a tough one, but I think the key is finding the right balance. Routing all VPC traffic through customer-managed routers could work, but it might be overkill. I'll need to weigh the pros and cons of each approach.
upvoted 0 times
...
Murray
5 months ago
Ah, this is a classic security vs. agility challenge. I like the idea of using Forseti with firewall filters to catch any issues in production, but I'll need to consider the other options as well.
upvoted 0 times
...
Lashawn
5 months ago
Okay, I think I've got a handle on this. Mandating infrastructure as code and static analysis in the CI/CD pipeline sounds like a good way to balance developer autonomy and security.
upvoted 0 times
...
Yesenia
5 months ago
Hmm, I'm a bit unsure about this. I'll need to review the options carefully and make sure I understand the implications of each approach.
upvoted 0 times
...
Nichelle
5 months ago
This seems like a tricky one. I'll need to think through the trade-offs between developer agility and security controls.
upvoted 0 times
...
Dorthy
5 months ago
I'm feeling pretty confident about this one. Option B seems like the way to go - it's a good balance between security and developer agility. I'd recommend that approach.
upvoted 0 times
...
Darci
5 months ago
Okay, I think I've got a handle on this. Mandating infrastructure as code and using static analysis in the CI/CD pipeline sounds like a good approach to me. That way, the developers can still move quickly, but you can still enforce the necessary security policies.
upvoted 0 times
...
Francesco
5 months ago
Hmm, I'm a bit confused by the options here. I'm not familiar with Forseti or customer-managed routers, so I'll need to do some research on those before I can decide.
upvoted 0 times
...
Sonia
5 months ago
This seems like a tricky one. I'm not sure if I fully understand the requirements, but I think the key is to find a way to enforce security policies without slowing down the developers too much.
upvoted 0 times
...
Brynn
9 months ago
Option B all the way! Enforcing policies through code is the way to go. Plus, it's a great way to keep the developers on their toes. I bet they'll be writing the most secure code ever. Or, you know, just finding creative ways to bypass the rules. Either way, it's a win-win!
upvoted 0 times
...
Mira
9 months ago
Forseti with Firewall filters? Sounds like a bunch of tech-y mumbo jumbo to me. I'm just going to go with whatever option has the least amount of work for the developers. They're the ones who have to deal with this stuff, right?
upvoted 0 times
Miriam
8 months ago
Forseti with Firewall filters? Sounds like a bunch of tech-y mumbo jumbo to me. I'm just going to go with whatever option has the least amount of work for the developers. They're the ones who have to deal with this stuff, right?
upvoted 0 times
...
Sunny
9 months ago
D) All production applications will run on-premises. Allow developers free rein in GCP as their dev and QA platforms.
upvoted 0 times
...
Wilda
9 months ago
B) Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.
upvoted 0 times
...
Olga
9 months ago
B) Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.
upvoted 0 times
...
Krissy
9 months ago
A) Use Forseti with Firewall filters to catch any unwanted configurations in production.
upvoted 0 times
...
...
Linn
10 months ago
Allowing developers free rein in GCP as their dev and QA platforms? That's a recipe for disaster! I can't believe that's even an option. On-premises all the way, baby!
upvoted 0 times
Beckie
9 months ago
Allowing developers free rein in GCP as their dev and QA platforms? That's a recipe for disaster! I can't believe that's even an option. On-premises all the way, baby!
upvoted 0 times
...
Edna
9 months ago
B) Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.
upvoted 0 times
...
Lashawn
9 months ago
A) Use Forseti with Firewall filters to catch any unwanted configurations in production.
upvoted 0 times
...
...
Annabelle
10 months ago
I'm not sure about routing all VPC traffic through customer-managed routers. That sounds like a lot of overhead and complexity just to detect malicious patterns. I'd go with the infrastructure as code approach.
upvoted 0 times
Billye
10 months ago
B) Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.
upvoted 0 times
...
Darci
10 months ago
A) Use Forseti with Firewall filters to catch any unwanted configurations in production.
upvoted 0 times
...
...
Pearline
11 months ago
Option B seems like a solid choice. Enforcing policies through static analysis in the CI/CD pipeline is a great way to ensure security without slowing down the developers.
upvoted 0 times
Tricia
9 months ago
User 4: Using infrastructure as code can definitely streamline the process.
upvoted 0 times
...
Emogene
10 months ago
User 3: It's important to maintain security without hindering the developers' workflow.
upvoted 0 times
...
Brett
10 months ago
User 2: I agree, enforcing policies through static analysis in the CI/CD pipeline is efficient.
upvoted 0 times
...
Trinidad
10 months ago
User 1: Option B seems like a solid choice.
upvoted 0 times
...
...
Brock
11 months ago
I see both points, but I think option B is more practical for enabling developer teams to deploy new applications without full review.
upvoted 0 times
...
Madalyn
11 months ago
I disagree, I believe option A is more effective. Forseti with Firewall filters can catch any unwanted configurations in production.
upvoted 0 times
...
Sanjuana
11 months ago
I think option B is the best choice. It ensures security policies are enforced during deployment.
upvoted 0 times
...

Save Cancel