
Explanation:
Option C is the correct answer because it addresses both security requirements. Shielded VM with Secure Boot, vTPM, and integrity monitoring protects against boot-level and kernel-level malware by ensuring the integrity of the boot process and monitoring for unauthorized changes. Confidential Computing provides hardware-based encryption for data in use, preventing the underlying host system from accessing VM memory contents. Enforcing both through organization policies ensures consistent application across all workloads. Option A lacks Confidential Computing for data-in-use protection. Option B focuses only on threat detection without the foundational protections. Option D uses hardened images but doesn't include Shielded VM's specific boot and kernel protection features.
Your organization needs to protect all workloads running on Compute Engine VMs to ensure the instances have not been compromised by boot-level or kernel-level malware. Additionally, you must guarantee that data in use on the VM cannot be read by the underlying host system using a hardware-based solution.
What should you do?
A
B
C
D