Exam Professional Cloud Security Engineer topic 1 question 40 discussion

The Customer Responsibility Matrix is the most relevant document for identifying Google's inherent controls related to PCI compliance, as it explicitly details the security controls managed by Google versus those managed by the customer.

Probably an outdated question, because there is a specific PCI DSS responsibility matrix available source: https://cloud.google.com/security/compliance/pci-dss but a close enough answer is A because it directly addresses Google's inherent controls while others don't.

but here controls isn't the same as responsibility? Don't understand how A is the answer since by controls we are referring this from a security and compliance perspective i.e. security controls. C is still the correct answer.

answer is A, https://cloud.google.com/files/GCP_Client_Facing_Responsibility_Matrix_PCI_2018.pdf

To identify Google's inherent controls for PCI compliance, you should review: A. Google Cloud Platform: Customer Responsibility Matrix The Google Cloud Platform: Customer Responsibility Matrix provides information about the shared responsibility model between Google Cloud and the customer. It outlines which security controls are managed by Google and which are the customer's responsibility. This document will help you understand Google's inherent controls as they relate to PCI compliance.

The correct answer is A. Google Cloud Platform: Customer Responsibility Matrix. The Google Cloud Platform: Customer Responsibility Matrix (CRM) is a document that outlines the responsibilities of Google and its customers for PCI compliance. The CRM identifies the inherent controls that Google provides, which are the security controls that are built into Google Cloud Platform. The PCI DSS Requirements and Security Assessment Procedures (SAQs) are a set of requirements that organizations must meet to be PCI compliant. The SAQs do not identify Google's inherent controls. The PCI SSC Cloud Computing Guidelines are a set of guidelines that organizations can use to help them achieve PCI compliance when using cloud computing services. The guidelines do not identify Google's inherent controls. The product documentation for Compute Engine is a document that provides information about the features and capabilities of Compute Engine. The documentation does not identify Google's inherent controls.

C is the ans

B is the ans. as the pci-dss req in gcp

The answer is A. Google Cloud Platform: Customer Responsibility Matrix. This document outlines the responsibilities of both the customer and Google for securing the cloud environment and is an important resource for understanding Google's inherent controls for PCI compliance. The PCI DSS Requirements and Security Assessment Procedures and the PCI SSC Cloud Computing Guidelines are both helpful resources for understanding the PCI compliance requirements, but they do not provide information on Google's specific inherent controls. The product documentation for Compute Engine is focused on the technical aspects of using that service and is unlikely to provide a comprehensive overview of Google's inherent controls.

https://cloud.google.com/architecture/pci-dss-compliance-in-gcp B is correct answer

It is B:: The PCI DSS Requirements and Security Assessment Procedures is the document that outlines the specific requirements for PCI compliance. It is created and maintained by the Payment Card Industry Security Standards Council (PCI SSC), which is the organization responsible for establishing and enforcing security standards for the payment card industry. This document is used by auditors to evaluate the security of an organization's payment card systems and processes. While the other options may provide information about Google's security controls and the customer's responsibilities for security, they do not provide the specific requirements for PCI compliance that the PCI DSS document does.

A. Google Cloud Platform: Customer Responsibility Matrix

https://services.google.com/fh/files/misc/gcp_pci_shared_responsibility_matrix_aug_2021.pdf