Topic 1 Question 296
Your organization operates in a highly regulated industry and uses multiple Google Cloud services. You need to identify potential risks to regulatory compliance. Which situation introduces the greatest risk?
The security team mandates the use of customer-managed encryption keys (CMEK) for all data classified as sensitive.
Sensitive data is stored in a Cloud Storage bucket with the uniform bucket-level access setting enabled.
The audit team needs access to Cloud Audit Logs related to managed services like BigQuery.
Principals have broad IAM roles allowing the creation and management of Compute Engine VMs without a pre-defined hardening process.
ユーザの投票
コメント(2)
D - Lack of Control: This situation grants individuals broad permissions to create and manage VMs without ensuring that they adhere to necessary security standards. This lack of control can lead to the creation of vulnerable or non-compliant systems. Regulatory Implications: Depending on your industry and specific regulations, having unhardened systems can expose your organization to significant risks, such as data breaches, unauthorized access, or non-compliance with security requirements.
👍 3abdelrahman892024/10/04- 正解だと思う選択肢: D
It's D of course.
👍 2json4u2024/10/15
シャッフルモード