Google Cloud Professional Cloud Security Engineer — Question 99

For compliance reporting purposes, the internal audit department needs you to provide the list of virtual machines (VMs) that have critical operating system (OS) security updates available, but not installed. You must provide this list every six months, and you want to perform this task quickly.

What should you do?

Answer options

• A. Run a Security Command Center security scan on all VMs to extract a list of VMs with critical OS vulnerabilities every six months.
• B. Run a gcloud CLI command from the Command Line Interface (CLI) to extract the VM's OS version information every six months.
• C. Ensure that the Cloud Logging agent is installed on all VMs, and extract the OS last update log date every six months.
• D. Ensure the OS Config agent is installed on all VMs and extract the patch status dashboard every six months.

Correct answer: D

Explanation

The correct answer is D because the OS Config agent specifically provides patch management capabilities, allowing you to extract the patch status dashboard, which is essential for identifying critical OS security updates that are not installed. Options A and B do not provide a comprehensive solution for tracking update status, and option C relies on logging rather than actively managing OS updates.