Google Cloud Professional Cloud Security Engineer — Question 98

Your organization operates Virtual Machines (VMs) with only private IPs in the Virtual Private Cloud (VPC) with internet access through Cloud NAT. Everyday, you must patch all VMs with critical OS updates and provide summary reports.

What should you do?

Answer options

• A. Validate that the egress firewall rules allow any outgoing traffic. Log in to each VM and execute OS specific update commands. Configure the Cloud Scheduler job to update with critical patches daily for daily updates.
• B. Copy the latest patches to the Cloud Storage bucket. Log in to each VM, download the patches from the bucket, and install them.
• C. Assign public IPs to VMs. Validate that the egress firewall rules allow any outgoing traffic. Log in to each VM, and configure a daily cron job to enable for OS updates at night during low activity periods.
• D. Ensure that VM Manager is installed and running on the VMs. In the OS patch management service, configure the patch jobs to update with critical patches dally.

Correct answer: D

Explanation

The correct answer is D because VM Manager provides a centralized way to manage OS patching across VMs, ensuring that critical updates are applied consistently and efficiently. Options A and C require manual intervention and do not leverage automated patch management, while option B involves unnecessary steps of downloading patches rather than using a streamlined service.