Google Cloud Professional Cloud Security Engineer — Question 228

A customer deployed an application on Compute Engine that takes advantage of the elastic nature of cloud computing.
How can you work with Infrastructure Operations Engineers to best ensure that Windows Compute Engine VMs are up to date with all the latest OS patches?

Answer options

• A. Build new base images when patches are available, and use a CI/CD pipeline to rebuild VMs, deploying incrementally.
• B. Federate a Domain Controller into Compute Engine, and roll out weekly patches via Group Policy Object.
• C. Use Deployment Manager to provision updated VMs into new serving Instance Groups (IGs).
• D. Reboot all VMs during the weekly maintenance window and allow the StartUp Script to download the latest patches from the internet.

Correct answer: A

Explanation

The correct answer, A, focuses on a proactive approach by using CI/CD pipelines to ensure VMs are consistently updated with the latest patches. Option B relies on Group Policy, which may not be as effective in a cloud environment. Option C suggests using Deployment Manager, but it does not directly address the patching process. Option D depends on the StartUp Script, which may not guarantee timely updates.