GCP Professional Cloud Security Engineer Practice Question
Your financial services company uses three Google Cloud offerings: Compute Engine VMs for core banking applications, GKE Autopilot clusters for customer-facing APIs, and BigQuery for data analytics. The CISO is drafting a policy that assigns your team responsibility for applying operating-system security patches across all in-scope services. According to Google Cloud's shared responsibility model, how should you advise the CISO?
Discard the policy, since Google is responsible for operating-system security across all Google Cloud services, including Compute Engine VMs.
Update the policy to require OS patching on both Compute Engine and GKE Autopilot, but not on BigQuery, because Google manages operating systems only for SaaS services.
Keep the policy as written because customers must patch the operating system on every Google Cloud service they use.
Update the policy to state that the team patches guest operating systems only on Compute Engine; Google manages OS patching for GKE Autopilot nodes and for the BigQuery service.
Under Google Cloud's shared responsibility model, customers are responsible for securing what they control, while Google secures the underlying cloud infrastructure and managed runtime.
Compute Engine is Infrastructure-as-a-Service: you control the guest operating system, so your team must handle OS-level patching inside each VM.
GKE Autopilot is a managed Platform-as-a-Service variant: Google provisions and patches the node operating systems; you only manage the container images and workload configuration.
BigQuery is Software-as-a-Service: Google operates and patches the entire infrastructure stack, including operating systems.
Therefore, the policy should be amended to require OS patching only for Compute Engine. Assigning that duty for GKE Autopilot and BigQuery would duplicate work that Google already performs. The other options either over-assign responsibility to the customer or incorrectly shift Compute Engine guest-OS patching to Google.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the shared responsibility model in Google Cloud?
Open an interactive chat with Bash
What makes GKE Autopilot different from regular GKE clusters in terms of security management?
Open an interactive chat with Bash
Why is BigQuery considered a Software-as-a-Service (SaaS) offering in the shared responsibility model?
Open an interactive chat with Bash
What is the shared responsibility model in Google Cloud?
Open an interactive chat with Bash
How does OS patching differ between Compute Engine, GKE Autopilot, and BigQuery?
Open an interactive chat with Bash
What does Google manage in GKE Autopilot clusters compared to regular GKE clusters?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Supporting compliance requirements
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .