Google Professional Cloud Security Engineer Exam - Topic 4 Question 81 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 81
Topic #: 4

[All Professional Cloud Security Engineer Questions]

A company is using Google Kubernetes Engine (GKE) with container images of a mission-critical application The company wants to scan the images for known security issues and securely share the report with the security team without exposing them outside Google Cloud.

What should you do?

A1. Enable Container Threat Detection in the Security Command Center Premium tier.
* 2. Upgrade all clusters that are not on a supported version of GKE to the latest possible GKE version.
* 3. View and share the results from the Security Command Center

B* 1. Use an open source tool in Cloud Build to scan the images.
* 2. Upload reports to publicly accessible buckets in Cloud Storage by using gsutil
* 3. Share the scan report link with your security department.

C* 1. Enable vulnerability scanning in the Artifact Registry settings.
* 2. Use Cloud Build to build the images
* 3. Push the images to the Artifact Registry for automatic scanning.
* 4. View the reports in the Artifact Registry.

D* 1. Get a GitHub subscription.
* 2. Build the images in Cloud Build and store them in GitHub for automatic scanning
* 3. Download the report from GitHub and share with the Security Team

Show Suggested Answer

Suggested Answer: C

'The service evaluates all changes and remote access attempts to detect runtime attacks in near-real time.' : https://cloud.google.com/security-command-center/docs/concepts-container-threat-detection-overview This has nothing to do with KNOWN security Vulns in images

by Sage at Jun 18, 2024, 10:45 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Derrick

3 months ago

Wait, can we really trust open source tools for this?

upvoted 0 times

...

Aliza

3 months ago

Totally agree with A, it keeps everything within Google Cloud!

upvoted 0 times

...

Lyla

3 months ago

D seems risky, sharing reports from GitHub?

upvoted 0 times

...

Nobuko

4 months ago

I think C is more efficient with Artifact Registry.

upvoted 0 times

...

Tijuana

4 months ago

A is the best option for security!

upvoted 0 times

...

Katheryn

4 months ago

I feel like option D is not the best fit since it involves GitHub, and I don't recall us discussing that as a secure method for sharing reports.

upvoted 0 times

...

Rosio

4 months ago

I'm a bit confused about option B; uploading reports to public buckets seems risky. I don't think that's what we should do for sensitive data.

upvoted 0 times

...

Bernardo

4 months ago

I remember practicing a question about using Artifact Registry for vulnerability scanning, so option C might be the right choice here.

upvoted 0 times

...

Susana

5 months ago

I think option A sounds familiar because we talked about the Security Command Center in class, but I'm not sure if it covers sharing reports securely.

upvoted 0 times

...

Lindsey

5 months ago

Ah, this is a good one. I've worked with GKE and security scanning before, so I think I can provide a solid solution.

upvoted 0 times

...

Tarra

5 months ago

Okay, let me think this through step-by-step. I want to make sure I cover all the key requirements in my answer.

upvoted 0 times

...

Rex

5 months ago

Hmm, I'm a bit unsure about the different options here. I'll need to carefully read through each one to make sure I understand the nuances.

upvoted 0 times

...

Leslie

5 months ago

This seems like a straightforward question, I'm confident I can handle it.

upvoted 0 times

...

Moon

5 months ago

I'm a bit confused by the options, but I'll give it my best shot and try to eliminate the less relevant choices.

upvoted 0 times

...

Margot

5 months ago

Hmm, I'm a bit unsure about the difference between phased deployment and continuous deployment. I'll need to think that part through carefully.

upvoted 0 times

...

Glendora

5 months ago

Easy, the answer is C - Executive Management. They're the ones who set the tone for the organization, so they need to be on board with the security program from the start.

upvoted 0 times

...

Odette

2 years ago

I agree with Maynard, Option C is the way to go. Keeping everything within the Google Cloud ecosystem makes the most sense for this use case.

upvoted 0 times

Craig

1 year ago

Agreed. It's important to keep security measures within the same ecosystem.

upvoted 0 times

...

Keshia

2 years ago

I think so too. Using Artifact Registry for automatic scanning is a smart move.

upvoted 0 times

...

Tricia

2 years ago

Option C is definitely the best choice. It keeps everything secure within Google Cloud.

upvoted 0 times

...

Kati

2 years ago

Agreed, using Cloud Build to build and push images for automatic scanning is the way to go.

upvoted 0 times

...

Jacquelyne

2 years ago

I think enabling vulnerability scanning in the Artifact Registry is a smart move. It's all about security.

upvoted 0 times

...

Providencia

2 years ago

Option C is definitely the best choice. It keeps everything secure within Google Cloud.

upvoted 0 times

...

Alberto

2 years ago

Haha, getting a GitHub subscription just to download a security report? Option D is a bit overkill, don't you think?

upvoted 0 times

Wade

2 years ago

B: Definitely, I think Option A or C would be more efficient for scanning and sharing the report securely.

upvoted 0 times

...

Laura

2 years ago

A: Yeah, I agree. Option D seems like too much work for just sharing a security report.

upvoted 0 times

...

Tasia

2 years ago

I think enabling vulnerability scanning in the Artifact Registry settings and pushing images for automatic scanning is the way to go.

upvoted 0 times

...

Jenelle

2 years ago

I prefer using an open source tool in Cloud Build to scan the images and share the report link with the security department.

upvoted 0 times

...

Heike

2 years ago

I like how Option C integrates the security scanning directly into the build and deployment process. That way, you don't have to worry about additional steps to share the reports.

upvoted 0 times

...

Maynard

2 years ago

Option C seems to be the most comprehensive solution. Scanning the images in the Artifact Registry and viewing the reports right there is a clean and efficient approach.

upvoted 0 times

Ettie

2 years ago

Using Artifact Registry for vulnerability scanning and viewing the reports there is a smart move.

upvoted 0 times

...

Jerry

2 years ago

I agree, option C seems like the best choice for securely scanning and sharing the reports.

upvoted 0 times

...

Shantay

2 years ago

Definitely, it's important to have a streamlined solution for security scanning and reporting.

upvoted 0 times

...

Elin

2 years ago

I agree, using Artifact Registry for automatic scanning and viewing reports in one place simplifies the process.

upvoted 0 times

...

Kanisha

2 years ago

Option C seems to be the most comprehensive solution. Scanning the images in the Artifact Registry and viewing the reports right there is a clean and efficient approach.

upvoted 0 times

...

Kristofer

2 years ago

I agree with Winifred, upgrading all clusters to the latest GKE version is crucial for security.

upvoted 0 times

...

Winifred

2 years ago

I think we should enable Container Threat Detection in the Security Command Center Premium tier.

upvoted 0 times

...