
Answer-first summary for fast verification
Answer: 1. Use Google Shielded VM including secure boot, Virtual Trusted Platform Module (vTPM), and integrity monitoring. 2. Activate Confidential Computing. 3. Enforce these actions by using organization policies.
Option C is the correct answer because it addresses both security requirements. Shielded VM with secure boot, vTPM, and integrity monitoring protects against boot-level and kernel-level malware by ensuring the integrity of the boot process and monitoring for unauthorized changes. Confidential Computing provides hardware-based encryption for data in use, preventing the underlying host system from accessing VM memory contents. Enforcing both through organization policies ensures consistent application across all workloads. Option A lacks Confidential Computing for data-in-use protection. Option B focuses only on threat detection without the foundational protections. Option D uses hardened images but doesn't include Shielded VM's specific boot and kernel protection features.
Author: LeetQuiz Editorial Team
Your organization needs to protect all workloads running on Compute Engine VMs to ensure the instances have not been compromised by boot-level or kernel-level malware. Additionally, you must guarantee that data in use on the VM cannot be read by the underlying host system using a hardware-based solution.
What should you do?
A
B
C
D