Google Exam Professional Cloud Security Engineer Topic 2 Question 97 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 97
Topic #: 2

[All Professional Cloud Security Engineer Questions]

An organization's typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review.

How should you advise this organization?

AUse Forseti with Firewall filters to catch any unwanted configurations in production.

BMandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.

CRoute all VPC traffic through customer-managed routers to detect malicious patterns in production.

DAll production applications will run on-premises. Allow developers free rein in GCP as their dev and QA platforms.

Show Suggested Answer

Suggested Answer: C, D

https://cloud.google.com/confidential-computing/confidential-vm/docs/creating-cvm-instance#considerations

Confidential VM does not support live migration. You can only enable Confidential Computing on a VM when you first create the instance. https://cloud.google.com/confidential-computing/confidential-vm/docs/creating-cvm-instance

by Nydia at Jan 23, 2025, 11:17 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Annabelle

5 days ago

I'm not sure about routing all VPC traffic through customer-managed routers. That sounds like a lot of overhead and complexity just to detect malicious patterns. I'd go with the infrastructure as code approach.

upvoted 0 times

...

Pearline

8 days ago

Option B seems like a solid choice. Enforcing policies through static analysis in the CI/CD pipeline is a great way to ensure security without slowing down the developers.

upvoted 0 times

...