Google Cloud Professional Cloud Architect — Question 221
Your organization is implementing a new cloud-native application on Google Cloud and needs to ensure compliance with the ISO/IEC 27001 framework. You want to leverage Google Cloud’s security reports and documentation to support your ISO/IEC 27001 audit process. What should you do?
Answer options
- A. Engage an independent auditor to conduct an ISO/IEC 27001 audit of your organization's Google Cloud implementation.
- B. Download the ISO/IEC 27001 report for Google Cloud through an internet search.
- C. Review the Compliance Reports Manager for information about ISO/IEC 27001 compliance and related documentation on obtaining reports through your Google Cloud account.
- D. Utilize the Cloud Audit Logs service for accessing and requesting the ISO/IEC 27001 reports.
Correct answer: C
Explanation
The correct answer is C because the Compliance Reports Manager provides specific information and documentation related to ISO/IEC 27001 compliance within your Google Cloud account. Option A is incorrect as engaging an independent auditor is not necessary when you can access the required reports directly. Option B is wrong because downloading the report through an internet search is not a reliable method; the reports should be accessed through official Google Cloud resources. Option D is also incorrect since Cloud Audit Logs does not provide direct access to ISO/IEC 27001 reports.