Google Cloud Professional Security Operations Engineer — Question 24
Your company's risk management and compliance team requires regular reporting on compliance with industry-standard control frameworks for a regulated business unit that continuously adds projects. You need to create a report that includes evidence of non-compliant resources found in this environment. How should you generate this report?
Answer options
- A. Run an audit using the compliance framework in Audit Manager. Export the evaluation for consumption by the second-line team.
- B. Run queries for the required controls using the Cloud Asset Inventory data stored in BigQuery. Schedule this report to run regularly.
- C. Implement the control framework using Rego, and deploy this framework in Workload Manager. Schedule a regular report in Workload Manager.
- D. Implement the built-in posture for the compliance framework within the Security Command Center (SCC) posture.
Correct answer: D
Explanation
The correct answer is D because the Security Command Center (SCC) posture provides a comprehensive view of compliance, with built-in capabilities designed specifically to identify non-compliant resources. The other options may offer valid reporting methods, but they do not rely on the compliance framework's built-in features to ensure complete coverage of regulatory requirements.