Google Cloud Professional Cloud Security Engineer — Question 12

A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.
What should you do?

Answer options

• A. Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.
• B. Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.
• C. Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.
• D. Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

Correct answer: A

Explanation

The correct answer is A because it directly addresses the need to monitor the specific script executions and alerts when they exceed a certain threshold, effectively detecting potential abuse. Option B focuses on CPU usage, which may not correlate directly with script execution incidents. Options C and D involve logging but do not provide proactive alerts for detecting the specific repeated execution of the malicious script.