Topic 1 Question 284
You are responsible for a set of Cloud Functions running on your organization's Google Cloud environment. During the last annual security review, secrets were identified in environment variables of some of these Cloud Functions. You must ensure that secrets are identified in a timely manner. What should you do?
Implement regular peer reviews to assess the environment variables and identify secrets in your Cloud Functions. Raise a security incident if secrets are discovered.
Implement a Cloud Function that scans the environment variables multiple times a day, and creates a finding in Security Command Center if secrets are discovered.
Use Sensitive Data Protection to scan the environment variables multiple times per day, and create a finding in Security Command Center if secrets are discovered.
Integrate dynamic application security testing into the CI/CD pipeline that scans the application code for the Cloud Functions. Fail the build process if secrets are discovered.
ユーザの投票
コメント(6)
- 正解だと思う選択肢: D
I think it's D.
👍 3yokoyan2024/09/05 Correct answer - D. For answer C, you need to integrate Sensitive Data Protection with CI/CD pipelines, which is missing here.
👍 3brpjp2024/09/20- 正解だと思う選択肢: C
I think C:
To perform secrets discovery, you create a discovery scan configuration at the organization or project level. Within your selected scope, Sensitive Data Protection periodically scans Cloud Run functions for secrets in build and runtime environment variables.
If a secret is present in an environment variable, Sensitive Data Protection sends a Secrets in environment variables vulnerability finding to Security Command Center. No data profiles are generated. Any findings are only available through Security Command Center.
Sensitive Data Protection generates a maximum of one finding per function. For example, if secrets are found in two environment variables in the same function, only one finding is generated in Security Command Center.
👍 2dat9872024/10/12
シャッフルモード