Google Exam Professional Cloud Security Engineer Topic 4 Question 81 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 81
Topic #: 4

[All Professional Cloud Security Engineer Questions]

A company is using Google Kubernetes Engine (GKE) with container images of a mission-critical application The company wants to scan the images for known security issues and securely share the report with the security team without exposing them outside Google Cloud.

What should you do?

A1. Enable Container Threat Detection in the Security Command Center Premium tier.
* 2. Upgrade all clusters that are not on a supported version of GKE to the latest possible GKE version.
* 3. View and share the results from the Security Command Center

B* 1. Use an open source tool in Cloud Build to scan the images.
* 2. Upload reports to publicly accessible buckets in Cloud Storage by using gsutil
* 3. Share the scan report link with your security department.

C* 1. Enable vulnerability scanning in the Artifact Registry settings.
* 2. Use Cloud Build to build the images
* 3. Push the images to the Artifact Registry for automatic scanning.
* 4. View the reports in the Artifact Registry.

D* 1. Get a GitHub subscription.
* 2. Build the images in Cloud Build and store them in GitHub for automatic scanning
* 3. Download the report from GitHub and share with the Security Team

Show Suggested Answer

Suggested Answer: C

'The service evaluates all changes and remote access attempts to detect runtime attacks in near-real time.' : https://cloud.google.com/security-command-center/docs/concepts-container-threat-detection-overview This has nothing to do with KNOWN security Vulns in images

by Sage at Jun 18, 2024, 10:45 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Odette

9 months ago

I agree with Maynard, Option C is the way to go. Keeping everything within the Google Cloud ecosystem makes the most sense for this use case.

upvoted 0 times

Craig

7 months ago

Agreed. It's important to keep security measures within the same ecosystem.

upvoted 0 times

...

Keshia

7 months ago

I think so too. Using Artifact Registry for automatic scanning is a smart move.

upvoted 0 times

...

Tricia

8 months ago

Option C is definitely the best choice. It keeps everything secure within Google Cloud.

upvoted 0 times

...

Kati

8 months ago

Agreed, using Cloud Build to build and push images for automatic scanning is the way to go.

upvoted 0 times

...

Jacquelyne

8 months ago

I think enabling vulnerability scanning in the Artifact Registry is a smart move. It's all about security.

upvoted 0 times

...

Providencia

8 months ago

Option C is definitely the best choice. It keeps everything secure within Google Cloud.

upvoted 0 times

...

Alberto

9 months ago

Haha, getting a GitHub subscription just to download a security report? Option D is a bit overkill, don't you think?

upvoted 0 times

Wade

8 months ago

B: Definitely, I think Option A or C would be more efficient for scanning and sharing the report securely.

upvoted 0 times

...

Laura

9 months ago

A: Yeah, I agree. Option D seems like too much work for just sharing a security report.

upvoted 0 times

...

Tasia

9 months ago

I think enabling vulnerability scanning in the Artifact Registry settings and pushing images for automatic scanning is the way to go.

upvoted 0 times

...

Jenelle

10 months ago

I prefer using an open source tool in Cloud Build to scan the images and share the report link with the security department.

upvoted 0 times

...

Heike

10 months ago

I like how Option C integrates the security scanning directly into the build and deployment process. That way, you don't have to worry about additional steps to share the reports.

upvoted 0 times

...

Maynard

10 months ago

Option C seems to be the most comprehensive solution. Scanning the images in the Artifact Registry and viewing the reports right there is a clean and efficient approach.

upvoted 0 times

Ettie

9 months ago

Using Artifact Registry for vulnerability scanning and viewing the reports there is a smart move.

upvoted 0 times

...

Jerry

9 months ago

I agree, option C seems like the best choice for securely scanning and sharing the reports.

upvoted 0 times

...

Shantay

9 months ago

Definitely, it's important to have a streamlined solution for security scanning and reporting.

upvoted 0 times

...

Elin

10 months ago

I agree, using Artifact Registry for automatic scanning and viewing reports in one place simplifies the process.

upvoted 0 times

...

Kanisha

10 months ago

Option C seems to be the most comprehensive solution. Scanning the images in the Artifact Registry and viewing the reports right there is a clean and efficient approach.

upvoted 0 times

...

Kristofer

10 months ago

I agree with Winifred, upgrading all clusters to the latest GKE version is crucial for security.

upvoted 0 times

...

Winifred

10 months ago

I think we should enable Container Threat Detection in the Security Command Center Premium tier.

upvoted 0 times

...