GCP Professional Cloud Security Engineer Practice Question
Your organization processes EU personal data in several Google Cloud projects. You have already enabled Access Transparency and export all Cloud Audit Logs. Compliance demands that: (1) every request by Google personnel to access these projects must be explicitly approved by a designated security officer, (2) access must never occur without such approval, even during outages, and (3) each decision must be auditable. You propose enabling Access Approval. How should you respond to address these requirements?
Configure Access Approval to require two approvers and set the approval window to 24 hours; any access lacking dual approval will be automatically denied.
Enable Access Approval at the organization level and list the security officer as the sole approver; this configuration meets all three compliance requirements.
Explain that while Access Approval will provide explicit approvals and auditable records, Google can still self-approve access in rare emergencies, so requirement 2 cannot be fully guaranteed.
Recommend using Assured Workloads instead, because Access Approval cannot be enabled at the project level and therefore cannot cover all in-scope projects.
Access Approval can be configured at the project, folder, or organization level and lets customers grant or deny Google-initiated access requests. It also records each request, decision, and resulting access in Cloud Audit Logs, satisfying the audit-trail requirement. However, the service is expressly designed with an override: in rare situations such as resolving an ongoing service outage, meeting legal obligations, or addressing security emergencies, Google may self-authorize access without waiting for customer approval. Because the second compliance demand prohibits any unapproved access-even in emergencies-Access Approval cannot fully meet that part of the requirement. Therefore, you must inform stakeholders of this limitation or consider additional contractual or architectural controls. The other options are incorrect because Access Approval does not mandate multiple approvers, does operate at the project, folder, or organization level, and cannot guarantee absolute prevention of emergency access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Access Approval in GCP?
Open an interactive chat with Bash
What are Cloud Audit Logs in GCP, and how do they support compliance?
Open an interactive chat with Bash
What is Assured Workloads in GCP, and how does it help with compliance requirements?
Open an interactive chat with Bash
What is Access Approval in Google Cloud?
Open an interactive chat with Bash
What types of emergencies allow Google to bypass Access Approval?
Open an interactive chat with Bash
How does Access Transparency align with Access Approval?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Supporting compliance requirements
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .