
Answer-first summary for fast verification
Answer: Principals have broad IAM roles allowing the creation and management of Compute Engine VMs without a pre-defined hardening process.
Option D presents the greatest risk because it allows principals to create and manage Compute Engine VMs with broad IAM roles without a pre-defined hardening process. In a highly regulated industry, this lack of control over VM configuration can lead to vulnerable or non-compliant systems, potentially resulting in data breaches, unauthorized access, and regulatory violations. The community discussion strongly supports this, with 100% of answers selecting D and comments emphasizing the 'lack of control' and 'regulatory implications' of unhardened systems. In contrast, options A (CMEK for sensitive data), B (uniform bucket-level access), and C (audit team access to logs) represent security best practices that enhance, rather than undermine, regulatory compliance.
Author: LeetQuiz Editorial Team
Your organization operates in a highly regulated industry and uses multiple Google Cloud services. You need to identify potential risks to regulatory compliance. Which scenario presents the greatest risk?
A. The security team mandates the use of customer-managed encryption keys (CMEK) for all data classified as sensitive.
B. Sensitive data is stored in a Cloud Storage bucket with the uniform bucket-level access setting enabled.
C. The audit team needs access to Cloud Audit Logs related to managed services like BigQuery.
D. Principals have broad IAM roles allowing the creation and management of Compute Engine VMs without a pre-defined hardening process.