Your organization needs to implement an automated process for continuous evaluation against the CIS Google Cloud Computing Foundations Benchmark v1.3.0, while excluding specific controls that are irrelevant. How should you proceed?

Exam-Like

Last updated: December 16, 2025 at 14:04

Mark all security findings that are irrelevant with a tag and a value that indicates a security exception. Select all marked findings, and mute them on the console every time they appear. Activate Security Command Center (SCC) Premium.

Activate Security Command Center (SCC) Premium. Create a rule to mute the security findings in SCC so they are not evaluated.

Download all findings from Security Command Center (SCC) to a CSV file. Mark the findings that are part of CIS Google Cloud Foundation 1.3 in the file. Ignore the entries that are irrelevant and out of scope for the company.

Ask an external audit company to provide independent reports including needed CIS benchmarks. In the scope of the audit, clarify that some of the controls are not needed and must be disregarded.

Google Professional Cloud Security Engineer

Get started today

Comments

Your organization needs to implement an automated process for continuous evaluation against the CIS Google Cloud Computing Foundations Benchmark v1.3.0, while excluding specific controls that are irrelevant. How should you proceed?