Google Cloud Professional Cloud Security Engineer — Question 109
You are auditing all your Google Cloud resources in the production project. You want to identify all principals who can change firewall rules.
What should you do?
Answer options
- A. Use Policy Analyzer to query the permissions compute.firewalls.get or compute.firewalls.list.
- B. Use Firewall Insights to understand your firewall rules usage patterns.
- C. Reference the Security Health Analytics – Firewall Vulnerability Findings in the Security Command Center.
- D. Use Policy Analyzer to query the permissions compute.firewalls.create or compute.firewalls.update or compute.firewalls.delete.
Correct answer: D
Explanation
The correct answer is D because it queries the permissions for creating, updating, or deleting firewall rules, which are the permissions that allow a principal to change them. Options A, B, and C do not identify who can modify the rules: A queries only the permissions for reading existing rules, while B and C analyze rule usage and findings without addressing permissions for modification.