GCP Professional Cloud Architect Practice Question

A fintech company plans to run a quarterly external penetration test against the public endpoint of a Cloud Run service that processes card-holder data. As the lead architect, you must confirm that the test complies with Google Cloud policies before the vendor begins. Which requirement must you enforce to remain compliant with Google Cloud's penetration-testing rules?

File a penetration-testing request with Google at least seven days before the test begins.
Schedule the test only during a predefined maintenance window and route traffic through Cloud Service Mesh.
Purchase Enhanced or Premium Support so Google can coordinate the test with its operations team.
Ensure the scope explicitly excludes denial-of-service, resource-exhaustion, or other traffic-flooding tests that would violate the Google Cloud Acceptable Use Policy.

Report Issue

Answer Description

Google Cloud allows customers to conduct vulnerability assessments and penetration tests against their own workloads without notifying Google, provided the activities stay within the Google Cloud Acceptable Use Policy. That policy explicitly forbids attacks that degrade or impair Google services, including denial-of-service (DoS), resource-exhaustion, or stress tests. Therefore the mandatory step is to exclude any DoS-style traffic or other actions that could disrupt Google Cloud infrastructure or other tenants. Submitting a request form, purchasing a support tier, or coupling the test to specific maintenance windows are not required by Google Cloud's penetration-testing guidelines.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.