GCP Professional Cloud Security Engineer Practice Question

Your organization has activated Security Command Center (SCC) at the organization level. The security operations team needs a single console-based workflow that lets them (1) list every Google Cloud asset across all projects with filters by type and labels, and (2) continuously view which assets fail controls in the CIS Google Cloud Foundation Benchmark. Which pair of SCC built-in views should they rely on?

IAM Policy Troubleshooter and Security Dashboard
Findings view and Compliance view
Assets view and Compliance view
Assets view and Investigation view

Report Issue

Answer Description

In Security Command Center, the Assets view provides a continuously updated inventory of all Google Cloud resources in the organization and supports filtering by project, asset type, labels, and more. The Compliance view organizes Security Health Analytics findings by industry frameworks such as the CIS Google Cloud Foundation Benchmark, clearly indicating which controls each asset passes or fails. Using these two views together satisfies both the inventory requirement and the need to monitor compliance status. The Findings view aggregates all findings but does not inherently provide an asset inventory, while the Investigation view is intended for ad-hoc threat hunting. IAM Policy Troubleshooter and the Security Dashboard are separate tools that do not jointly offer the requested capabilities.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.