
Answer-first summary for fast verification
Answer: Implement an organization policy to enforce that boot disks can only be created from images that come from the trusted image project.
The question asks how to ensure that the operating system images used across all projects are trusted and meet security requirements. Option A is the most direct and effective solution: it uses a Google Cloud organization policy to enforce that boot disks can only be created from images in a trusted image project, which proactively prevents the use of untrusted images. This aligns with Google Cloud best practices for image management and for enforcing security at the organization level.
Option D is useful for vulnerability scanning, but it is reactive and does not prevent untrusted images from being used in the first place. Option B is incorrect because the Shielded VM service focuses on VM integrity, not on enforcing image trust. Option C is overly complex and does not scale as well as organization policies. The community discussion strongly supports A, with high upvotes and references to Google documentation, while D is debated but not as universally accepted.
Author: LeetQuiz Editorial Team
Your organization is migrating virtual machines (VMs) to Google Cloud. You need to guarantee that the operating system images used across all your projects are trusted and compliant with your security standards.
What should you do?
A. Implement an organization policy to enforce that boot disks can only be created from images that come from the trusted image project.
B. Implement an organization policy constraint that enables the Shielded VM service on all projects to enforce the trusted image repository usage.
C. Create a Cloud Function that is automatically triggered when a new virtual machine is created from the trusted image repository. Verify that the image is not deprecated.
D. Automate a security scanner that verifies that no common vulnerabilities and exposures (CVEs) are present in your trusted image repository.