Answer-first summary for fast verification
Answer: Use a Cloud Audit Logs trigger to invoke a Cloud Function when a Compute Engine VM is created. Check for missing labels and assign them if necessary.
The question requires ensuring Compute Engine VMs have correct labels in a scalable way without altering the deployment process. Option A uses Cloud Audit Logs to trigger a Cloud Function when a VM is created. This event-driven approach automatically checks and assigns labels in real-time, covering all creation methods (console/gcloud CLI) and ensuring compliance without manual intervention. Options B and C are less ideal: B only applies to Terraform-provisioned VMs (not covering console/gcloud CLI), and C uses periodic checks (less efficient and delayed). Option D is manual and not scalable. A provides immediate, scalable enforcement.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can you ensure that all Compute Engine VMs are properly labeled for compliance without altering the existing deployment process, using the most scalable approach, when your infrastructure team manages VMs via Google Cloud console and gcloud CLI?
(If including a code block from OCR, correct any syntax errors/typos here while preserving the original intent.)
A
Use a Cloud Audit Logs trigger to invoke a Cloud Function when a Compute Engine VM is created. Check for missing labels and assign them if necessary.
B
Deploy resources with Terraform. Use the gcloud terraform vet command with a policy to ensure that every Compute Engine VM that is provisioned by Terraform has labels set.
C
Write a script to check all Compute Engine VMs for missing labels regularly by using Cloud Scheduler. Use the script to assign the labels.
D
Check all Compute Engine VMs for missing labels regularly. Use the console to assign the labels.
No comments yet.