You need monitoring and alerting for Compute Engine instances tagged with compliance=pci that have an external IP. What should you do?

Multiple Choice

Explanation:
Monitor external exposure with Security Health Analytics detectors and scope it to resources that carry the PCI tag. Security Command Center includes a detector called PUBLIC_IP_ADDRESS that flags assets with an external IP. By checking whether these assets also have the compliance=pci tag, you can generate findings and alert when a Compute Engine instance is publicly reachable and tagged compliance=pci. This approach uses built-in detectors and asset inventory, and you can wire the findings to Cloud Monitoring or alerting channels for real-time notifications.

The other options don’t fit as well. Blocking external IPs with an org policy constraint prevents the condition from occurring but isn’t about monitoring or alerting. Building a custom ETD/SHA module or a custom SHA detector adds maintenance and development work, whereas the built-in PUBLIC_IP_ADDRESS detector already covers the detection you need, and you can refine it by tag presence to meet the requirement.
