ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 284 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 284
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You are responsible for a set of Cloud Functions running on your organization's Google Cloud environment. During the last annual security review, secrets were identified in environment variables of some of these Cloud Functions. You must ensure that secrets are identified in a timely manner. What should you do?

  • A. Implement regular peer reviews to assess the environment variables and identify secrets in your Cloud Functions. Raise a security incident if secrets are discovered.
  • B. Implement a Cloud Function that scans the environment variables multiple times a day, and creates a finding in Security Command Center if secrets are discovered.
  • C. Use Sensitive Data Protection to scan the environment variables multiple times per day, and create a finding in Security Command Center if secrets are discovered.
  • D. Integrate dynamic application security testing into the CI/CD pipeline that scans the application code for the Cloud Functions. Fail the build process if secrets are discovered.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by yokoyan at Sept. 6, 2024, 1:48 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nah99
7 months, 1 week ago
Selected Answer: C
https://cloud.google.com/sensitive-data-protection/docs/secrets-discovery#why
upvoted 2 times
...
KLei
7 months, 3 weeks ago
Selected Answer: C
(Dynamic application security testing): While this can help identify secrets in the code, it does not specifically address the secrets that may be present in environment variables
upvoted 1 times
...
dv1
8 months, 3 weeks ago
Selected Answer: C
Question asks for secret identification, not blocking the cloud runs if exposed secrets are detected (what D says).
upvoted 2 times
...
dat987
8 months, 4 weeks ago
Selected Answer: C
I think C: To perform secrets discovery, you create a discovery scan configuration at the organization or project level. Within your selected scope, Sensitive Data Protection periodically scans Cloud Run functions for secrets in build and runtime environment variables. If a secret is present in an environment variable, Sensitive Data Protection sends a Secrets in environment variables vulnerability finding to Security Command Center. No data profiles are generated. Any findings are only available through Security Command Center. Sensitive Data Protection generates a maximum of one finding per function. For example, if secrets are found in two environment variables in the same function, only one finding is generated in Security Command Center.
upvoted 2 times
...
brpjp
9 months, 3 weeks ago
Correct answer - D. For answer C, you need to integrate Sensitive Data Protection with CI/CD pipelines, which is missing here.
upvoted 3 times
...
yokoyan
10 months ago
Selected Answer: D
I think it's D.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel