Google Cloud Professional Cloud Security Engineer — Question 162
Your organization operates in a highly regulated industry and uses multiple Google Cloud services. You need to identify potential risks to regulatory compliance. Which situation introduces the greatest risk?
Answer options
- A. The security team mandates the use of customer-managed encryption keys (CMEK) for all data classified as sensitive.
- B. Sensitive data is stored in a Cloud Storage bucket with the uniform bucket-level access setting enabled.
- C. The audit team needs access to Cloud Audit Logs related to managed services like BigQuery.
- D. Principals have broad IAM roles allowing the creation and management of Compute Engine VMs without a pre-defined hardening process.
Correct answer: D
Explanation
Option D poses the greatest risk because broad IAM roles let principals create and manage Compute Engine VMs without a defined hardening process, potentially leading to security vulnerabilities. In contrast, option A is a security measure, option B enables uniform bucket-level access, which can help manage permissions, and option C pertains to audit logs, which are essential for compliance but do not introduce a direct risk.