Google Cloud Associate Cloud Engineer — Question 234
Your company's security vulnerability management policy wants a member of the security team to have visibility into vulnerabilities and other OS metadata for a specific Compute Engine instance. This Compute Engine instance hosts a critical application in your Google Cloud project. You need to implement your company's security vulnerability management policy. What should you do?
Answer options
- A.
  - Ensure that the Ops Agent is installed on the Compute Engine instance.
  - Create a custom metric in the Cloud Monitoring dashboard.
  - Provide the security team member with access to this dashboard.
- B.
  - Ensure that the Ops Agent is installed on the Compute Engine instance.
  - Provide the security team member roles/osconfig.inventoryViewer permission.
- C.
  - Ensure that the OS Config agent is installed on the Compute Engine instance.
  - Provide the security team member roles/osconfig.vulnerabilityReportViewer permission.
- D.
  - Ensure that the OS Config agent is installed on the Compute Engine instance.
  - Create a log sink to BigQuery dataset.
  - Provide the security team member with access to this dataset.
Correct answer: C
Explanation
The correct answer is C because installing the OS Config agent and granting the roles/osconfig.vulnerabilityReportViewer IAM role allows the security team member to access vulnerability data specific to that Compute Engine instance. Options A and B do not give the necessary permissions for vulnerability reporting, while D focuses on logging to BigQuery, which is not relevant to the visibility of vulnerabilities.