Google Exam Professional Cloud Security Engineer Topic 2 Question 97 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 97
Topic #: 2

[All Professional Cloud Security Engineer Questions]

An organization's typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review.

How should you advise this organization?

AUse Forseti with Firewall filters to catch any unwanted configurations in production.

BMandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.

CRoute all VPC traffic through customer-managed routers to detect malicious patterns in production.

DAll production applications will run on-premises. Allow developers free rein in GCP as their dev and QA platforms.

Show Suggested Answer

Suggested Answer: C, D

https://cloud.google.com/confidential-computing/confidential-vm/docs/creating-cvm-instance#considerations

Confidential VM does not support live migration. You can only enable Confidential Computing on a VM when you first create the instance. https://cloud.google.com/confidential-computing/confidential-vm/docs/creating-cvm-instance

by Nydia at Jan 23, 2025, 11:17 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Brock

4 days ago

I see both points, but I think option B is more practical for enabling developer teams to deploy new applications without full review.

upvoted 0 times

...

Madalyn

4 days ago

I disagree, I believe option A is more effective. Forseti with Firewall filters can catch any unwanted configurations in production.

upvoted 0 times

...

Sanjuana

7 days ago

I think option B is the best choice. It ensures security policies are enforced during deployment.

upvoted 0 times

...