Google Cloud Professional Cloud Security Engineer — Question 352

An organization's security and risk management teams are concerned about where their responsibility lies for certain production workloads they are running in
Google Cloud and where Google's responsibility lies. They are mostly running workloads using Google Cloud's platform-as-a-Service (PaaS) offerings, including
App Engine primarily.
Which area in the technology stack should they focus on as their primary responsibility when using App Engine?

Answer options

• A. Configuring and monitoring VPC Flow Logs
• B. Defending against XSS and SQLi attacks
• C. Managing the latest updates and security patches for the Guest OS
• D. Encrypting all stored data

Correct answer: B

Explanation

The correct answer is B because when using App Engine, the organization is responsible for securing their application code against vulnerabilities like XSS and SQL injection. Options A, C, and D are primarily managed by Google as they pertain to infrastructure and platform security, which is outside the organization's direct responsibility.