Answer-first summary for fast verification
Answer: Use VM Manager to automatically distribute and apply patches to YMs across your projects. Integrate VM Manager with hardened, organization-standard VM images stored in a central repository.
The question requires centralizing VM image management and automating security baseline enforcement throughout the entire VM lifecycle. Option A is optimal because VM Manager provides comprehensive lifecycle management including automated patch distribution, configuration management, and compliance enforcement across projects, while integrating with hardened organization-standard images from a central repository ensures consistent security baselines. Option C focuses only on image creation and scanning but lacks ongoing management capabilities for existing VMs, making it insufficient for the full lifecycle requirement. Option B (sole-tenancy and organization policies) doesn't address centralized image management or automated enforcement. Option D (Security Command Center) is primarily for monitoring and detection rather than proactive enforcement and management.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your organization is experiencing VM sprawl in Compute Engine due to team growth and increasing resource demands. This makes it difficult to maintain consistent security hardening and apply timely package updates. You need to centralize VM image management and automate the enforcement of security baselines across the entire virtual machine lifecycle. What should you do?
A
Use VM Manager to automatically distribute and apply patches to YMs across your projects. Integrate VM Manager with hardened, organization-standard VM images stored in a central repository.
B
Configure the sole-tenancy feature in Compute Engine for all projects. Set up custom organization policies in Policy Controller to restrict the operating systems and image sources that teams are allowed to use.
C
Create a Cloud Build trigger to build a pipeline that generates hardened VM images. Run vulnerability scans in the pipeline, and store images with passing scans in a registry. Use instance templates pointing to this registry.
D
Activate Security Command Center Enterprise. Use VM discovery and posture management features to monitor hardening state and trigger automatic responses upon detection of issues.