Google Cloud Professional Cloud Security Engineer — Question 341
You are responsible for a set of Cloud Functions running on your organization's Google Cloud environment. During the last annual security review, secrets were identified in environment variables of some of these Cloud Functions. You must ensure that secrets are identified in a timely manner. What should you do?
Answer options
- A. Implement regular peer reviews to assess the environment variables and identify secrets in your Cloud Functions. Raise a security incident if secrets are discovered.
- B. Implement a Cloud Function that scans the environment variables multiple times a day, and creates a finding in Security Command Center if secrets are discovered.
- C. Use Sensitive Data Protection to scan the environment variables multiple times per day, and create a finding in Security Command Center if secrets are discovered.
- D. Integrate dynamic application security testing into the CI/CD pipeline that scans the application code for the Cloud Functions. Fail the build process if secrets are discovered.
Correct answer: C
Explanation
The correct answer is C: Sensitive Data Protection is specifically designed to detect sensitive information such as secrets in environment variables, and it can automatically create findings in Security Command Center. Options A and B lack the automated, specialized approach of Sensitive Data Protection, which makes them less effective. Option D scans application code rather than environment variables, and application code is not the immediate concern in this scenario.