PCI DSS v4.0 posture in SCC flags a Compute Engine VM in the CDE with an external IP. Immediate remediation?

Prepare for the Google SecOps Professional Engineer Test with our interactive quiz. Utilize flashcards and multiple-choice questions with hints and explanations to boost your readiness and confidence.

Multiple Choice

PCI DSS v4.0 posture in SCC flags a Compute Engine VM in the CDE with an external IP. Immediate remediation?

Explanation:
When a resource in the cardholder data environment has a public endpoint, it increases the exposure risk that PCI DSS aims to minimize. The quickest and most effective remediation is to remove the external IP from the VM’s network interface, so the instance no longer has a public address and cannot be reached from the internet. This directly reduces exposure and brings the VM into alignment with PCI DSS expectations for the CDE. Enforcing a project-level constraint to block external IPs helps prevent future instances from getting public IPs, but it doesn’t fix the current exposed VM. Removing the CDE tag would bypass the posture check rather than address the underlying risk, and marking the finding as fixed doesn't actually remediate the asset.
