GCP Professional Cloud Architect Practice Question

A financial-services company runs its customer-facing trading platform on Google Kubernetes Engine (GKE). To satisfy internal security requirements, the engineering team plans to execute an automated penetration-testing suite against the production project every quarter. They ask you, the cloud architect, whether they must file a request with Google before each test and what limitations apply. What should you tell them?

They must submit a formal penetration-testing request to Google at least two weeks before each quarterly test is executed.
No advance notice is needed; they may run the tests as long as they target only their own project's resources and comply with Google's Acceptable Use Policy (for example, avoiding denial-of-service attacks that could affect other tenants).
They are free to test any Google-managed infrastructure components (such as Cloud Load Balancing control planes) as long as testing is completed within a 24-hour window.
They need to open a P1 support case with Google Cloud on the day of the test so that Google can monitor for false alarms.

Report Issue

Answer Description

Google Cloud permits customers to perform penetration testing against resources that reside in their own projects without requesting or receiving prior approval. The only requirement is that all tests comply with the Google Cloud Acceptable Use Policy. Activities that could disrupt Google Cloud services or other tenants-such as denial-of-service attacks or targeting Google-managed infrastructure outside the customer's project-are strictly prohibited, so no advance notification is necessary as long as the tests stay within these boundaries. Options suggesting mandatory advance notice, support cases, or unrestricted testing of Google-managed resources conflict with Google's stated policy.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.