Google Cloud Professional Cloud Security Engineer — Question 171

Your organization is using Vertex AI Workbench Instances. You must ensure that newly deployed Instances are automatically kept up-to-date and that users cannot accidentally alter settings in the operating system. What should you do?

Answer options

• A. Enforce the disableRootAccesa and requireAutoUpgradeSchedule organization policies for newly deployed Instances.
• B. Enable the VM Manager and ensure the corresponding Google Compute Engine instances are added.
• C. Implement a firewall rule that prevents Secure Shell access to the corresponding Google Compute Engine instances by using tags.
• D. Assign the AI Notebooks Runner and AI Notebooks Viewer roles to the users of the AI Workbench Instances.

Correct answer: A

Explanation

The correct answer is A because enforcing the disableRootAccess and requireAutoUpgradeSchedule policies ensures that the operating system settings remain unchanged and that Instances are kept up-to-date automatically. Option B, while enabling VM Manager is helpful, does not directly address the requirement of preventing users from altering OS settings. Options C and D do not contribute to the automatic updating of Instances or preventing changes to the OS settings.