Google Professional Cloud Security Engineer Exam - Topic 4 Question 25 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 25
Topic #: 4

[All Professional Cloud Security Engineer Questions]

You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.

What should you do?

AUse the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.

BUse the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.

CIn Resource Manager, edit the project permissions for the trusted project. Add the organization as member with the role: Compute Image User.

DIn Resource Manager, edit the organization permissions. Add the project ID as member with the role: Compute Image User.

Show Suggested Answer

Suggested Answer: B

https://cloud.google.com/compute/docs/images/restricting-image-access

by Brock at May 05, 2022, 07:07 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Skye

4 months ago

Wait, can you really limit images like that? Sounds tricky!

upvoted 0 times

...

Hubert

4 months ago

D sounds complicated, but could work.

upvoted 0 times

...

Jesusa

4 months ago

C seems a bit off, not sure it addresses the issue.

upvoted 0 times

...

Precious

4 months ago

I think B makes more sense for denying access.

upvoted 0 times

...

Iluminada

5 months ago

A is definitely the way to go for whitelisting.

upvoted 0 times

...

Alonzo

5 months ago

I’m leaning towards option A, but I’m a bit confused about how the allow operation works in this context.

upvoted 0 times

...

Brock

5 months ago

I feel like editing project permissions could be a part of the solution, but it doesn't seem like the main focus of this question.

upvoted 0 times

...

Joni

5 months ago

I remember a similar question where we had to set constraints, and I think the whitelist option makes more sense for limiting images.

upvoted 0 times

...

Curtis

5 months ago

I think we need to use the Organization Policy Service, but I'm not sure if we should allow or deny the projects.

upvoted 0 times

...

Jamika

5 months ago

Okay, I've got a plan. I'll focus on isolating the iSCSI network, setting up access controls, and ensuring the solution meets the security policy. I think Option C might be the way to go.

upvoted 0 times

...

Okay, let me see. I know data category visibility and licensing are important, so I'll start there. Then I'll look for other configuration settings that are crucial for maintaining the knowledge base.

upvoted 0 times

...

Lajuana

5 months ago

I'm not totally sure, but "decrypted on delivery" seems off to me. I remember it being about how schedules work, maybe?

upvoted 0 times

...

Teddy

5 months ago

Hmm, I'm a bit unsure about this one. I'll have to think it through carefully. Could A, B, or D all be considered forms of outsourcing administration in the cloud?

upvoted 0 times

...

Detra

5 months ago

Hmm, I'm a bit unsure about the specifics of how to prioritize the management traffic here. I'll need to think through the different DSCP markings and queue mapping options carefully to make sure I select the right approach.

upvoted 0 times

...