Google Cloud Professional Cloud Security Engineer — Question 102
Your organization is moving virtual machines (VMs) to Google Cloud. You must ensure that operating system images that are used across your projects are trusted and meet your security requirements.
What should you do?
Answer options
- A. Implement an organization policy to enforce that boot disks can only be created from images that come from the trusted image project.
- B. Implement an organization policy constraint that enables the Shielded VM service on all projects to enforce the trusted image repository usage.
- C. Create a Cloud Function that is automatically triggered when a new virtual machine is created from the trusted image repository. Verify that the image is not deprecated.
- D. Automate a security scanner that verifies that no common vulnerabilities and exposures (CVEs) are present in your trusted image repository.
Correct answer: A
Explanation
The correct answer is A because an organization policy that restricts boot disk creation to images from the trusted image project is a preventive control: boot disks cannot be created from images outside that project, so only images from a trusted source are used across your projects. Option B enables the Shielded VM service but does not directly address the image source. Option C is useful for verifying images, but it runs only after a VM has been created, so it does not prevent the use of untrusted images upfront. Option D scans the trusted image repository for CVEs but does not enforce the use of trusted images for VM creation.