GCP Professional Cloud Security Engineer Practice Question

Your organization operates a managed instance group that runs a patient-data analytics workload on Compute Engine. The CISO is concerned that privileged cloud operators or a compromised hypervisor could read the virtual machines' memory during processing. Refactoring the application is not possible, and the instances must keep autoscaling across multiple zones. Which change will best protect the data while it is in use with minimal disruption to the existing deployment?

  • Enable Shielded VM with Secure Boot on the current instances.

  • Rewrite the workload to execute inside Cloud HSM and invoke it through an API from lightweight Compute Engine instances.

  • Encrypt the boot and data disks with customer-managed encryption keys (CMEK) and disable the serial console.

  • Update the instance template to use Confidential VMs and select a compatible confidential CPU platform.

Ensuring data protection