Google Cloud Professional Cloud Security Engineer — Question 340

Your organization's use of the Google Cloud has grown substantially and there are many different groups using different cloud resources independently. You must identify common misconfigurations and compliance violations across the organization and track findings for remedial action in a dashboard. What should you do?

Answer options

• A. Create a filter set in Cloud Asset Inventory to identify service accounts with high privileges and IAM principals with Gmail domains.
• B. Scan and alert vulnerabilities and misconfigurations by using Secure Health Analytics detectors in Security Command Center Premium.
• C. Set up filters on Cloud Audit Logs to flag log entries for specific, risky API calls, and display the calls in a Cloud Log Analytics dashboard.
• D. Alert and track emerging attacks detected in your environment by using Event Threat Detection detectors.

Correct answer: B

Explanation

The correct answer is B because Secure Health Analytics in Security Command Center Premium is designed specifically to scan for vulnerabilities and misconfigurations across Google Cloud resources. The other options, while useful for different purposes, do not focus on identifying and tracking compliance violations in a centralized manner as effectively as Secure Health Analytics does.