Answer-first summary for fast verification
Answer: Ensure the OS Config agent is installed on all VMs and extract the patch status dashboard every six months.
Option D is the correct choice because the OS Config agent (part of VM Manager) is specifically designed to provide comprehensive patch management information, including which critical security updates are available but not installed. It offers a dedicated dashboard and API for efficiently extracting patch compliance status across all VMs. Option A is incorrect because Security Command Center's VM vulnerability scanning relies on VM Manager (which includes OS Config) and may not provide the specific 'available but not installed' status directly. Option B is insufficient as gcloud CLI only provides basic OS version information, not patch availability status. Option C is less effective because Cloud Logging agent logs update activities but doesn't systematically track which critical updates are available but uninstalled across the entire VM fleet.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You need to generate a list of all virtual machines (VMs) with available but uninstalled critical operating system (OS) security updates for a semi-annual compliance report. How can you accomplish this task efficiently?
A
Run a Security Command Center security scan on all VMs to extract a list of VMs with critical OS vulnerabilities every six months.
B
Run a gcloud CLI command from the Command Line Interface (CLI) to extract the VM's OS version information every six months.
C
Ensure that the Cloud Logging agent is installed on all VMs, and extract the OS last update log date every six months.
D
Ensure the OS Config agent is installed on all VMs and extract the patch status dashboard every six months.
No comments yet.