exam questions

Exam Associate Cloud Engineer All Questions

View all questions & answers for the Associate Cloud Engineer exam

Exam Associate Cloud Engineer topic 1 question 254 discussion

Actual exam question from Google's Associate Cloud Engineer
Question #: 254
Topic #: 1
[All Associate Cloud Engineer Questions]

Your company's security vulnerability management policy wants a member of the security team to have visibility into vulnerabilities and other OS metadata for a specific Compute Engine instance. This Compute Engine instance hosts a critical application in your Google Cloud project. You need to implement your company's security vulnerability management policy. What should you do?

  • A. • Ensure that the Ops Agent is installed on the Compute Engine instance.
    • Create a custom metric in the Cloud Monitoring dashboard.
    • Provide the security team member with access to this dashboard.
  • B. • Ensure that the Ops Agent is installed on the Compute Engine instance.
    • Provide the security team member roles/osconfig.inventoryViewer permission.
  • C. • Ensure that the OS Config agent is installed on the Compute Engine instance.
    • Provide the security team member roles/osconfig.vulnerabilityReportViewer permission.
  • D. • Ensure that the OS Config agent is installed on the Compute Engine instance.
    • Create a log sink to BigQuery dataset.
    • Provide the security team member with access to this dataset.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Cynthia2023
Highly Voted 11 months, 1 week ago
Selected Answer: C
Ops Agent: The Ops Agent is primarily used for collecting system and application metrics, as well as logs in Google Cloud. It is adept at monitoring the performance and health of applications and virtual machines but does not specialize in vulnerability assessment or OS-level inventory management. OS Config Agent: This agent is specifically designed for OS configuration, inventory management, and vulnerability reporting in Google Cloud. It can gather and report on system-level inventory information (like installed packages) and OS vulnerabilities.
upvoted 10 times
Cynthia2023
11 months, 1 week ago
Visibility into Vulnerabilities and Other OS Metadata: To access vulnerability data specifically, the roles/osconfig.vulnerabilityReportViewer role is more appropriate. This role is designed to provide access to vulnerability reports generated by the OS Config agent. To access general OS metadata, the osconfig.inventoryViewer role is suitable, as it allows the user to view inventory information collected by the OS Config agent.
upvoted 4 times
Cynthia2023
11 months, 1 week ago
In the context of the provided options, none of them specifically combines both the osconfig.inventoryViewer and roles/osconfig.vulnerabilityReportViewer roles with the OS Config agent. However, Option C (ensuring the OS Config agent is installed and providing the roles/osconfig.vulnerabilityReportViewer permission) comes closest to fulfilling the requirement, particularly for the critical aspect of vulnerability visibility.
upvoted 5 times
...
...
...
PiperMe
Most Recent 9 months ago
Selected Answer: C
C is correct here. It leverages the OS Config agent and a well-defined IAM role.
upvoted 2 times
...
KelvinToo
11 months, 1 week ago
Selected Answer: C
Per ChatGPT, Option C aligns with the requirement of providing visibility into vulnerabilities and other OS metadata for the specific Compute Engine instance while following the principle of least privilege by granting only the necessary permissions to the security team member.
upvoted 1 times
...
shiowbah
11 months, 1 week ago
C. • Ensure that the OS Config agent is installed on the Compute Engine instance. • Provide the security team member roles/osconfig.vulnerabilityReportViewer permission.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago