Google Cloud Professional Cloud Security Engineer — Question 283

You have created an OS image that is hardened per your organization's security standards and is being stored in a project managed by the security team. As a
Google Cloud administrator, you need to make sure all VMs in your Google Cloud organization can only use that specific OS image while minimizing operational overhead. What should you do? (Choose two.)

Answer options

• A. Grant users the compute.imageUser role in their own projects.
• B. Grant users the compute.imageUser role in the OS image project.
• C. Store the image in every project that is spun up in your organization.
• D. Set up an image access organization policy constraint, and list the security team managed project in the project's allow list.
• E. Remove VM instance creation permission from users of the projects, and only allow you and your team to create VM instances.

Correct answer: B, D

Explanation

The correct answer includes B, which ensures users have access to use the specific OS image stored in the security team's project, and D, which sets a policy to restrict image usage to that project. Options A and C do not restrict access properly, while E would unnecessarily limit VM creation capabilities across the organization.