GCP Professional Cloud Architect Practice Question
Your security team plans a quarterly penetration test against a production environment that runs workloads on a GKE Autopilot cluster and stores data in Cloud SQL. Planned activities include: (1) automated vulnerability scans against the cluster's workloads and the Cloud SQL public endpoint, and (2) attempts to exploit the underlying hypervisor of the Cloud SQL instance. According to Google Cloud's shared responsibility model and penetration-testing policy, how should the team proceed?
A. Cancel all testing and rely on Google's internal penetration tests, because security of workloads hosted on managed services is Google's responsibility under the shared responsibility model.
B. Proceed with the vulnerability scans against the GKE workloads and Cloud SQL endpoint without prior approval, but omit any attempt to target the hypervisor since that is Google-managed infrastructure.
C. Proceed with both activities without notifying Google, because customers can test any resource located in their own projects.
D. Request formal pre-approval from Google but otherwise run all planned tests, because penetration testing always requires Google's authorization.
Google Cloud allows customers to perform penetration tests against resources that reside in their own projects (such as container workloads running in GKE Autopilot or the public IP address of a Cloud SQL instance) without requesting prior approval, provided the tests comply with the Acceptable Use Policy and do not create denial-of-service conditions. However, customers are prohibited from targeting or attempting to compromise Google-managed underlying infrastructure such as the hypervisor that hosts Cloud SQL. Under the shared responsibility model, Google secures the infrastructure, while customers test and secure their own configurations, applications, and IAM policies. Therefore, the team should execute the vulnerability scans on their workloads and Cloud SQL endpoint but must omit any attack that tries to penetrate the hypervisor. The other options either incorrectly assert that all testing is unrestricted, incorrectly require blanket pre-approval, or misunderstand the division of responsibilities between Google and the customer.
GCP Professional Cloud Architect
Analyzing and optimizing technical and business processes