Google Cloud Professional Cloud Security Engineer Practice Exam

To protect sensitive health information within VMs, what should be enforced organization-wide?

• A. Use standard VM instances
• B. Implement an organizational policy for Confidential VM instances
• C. Enable data encryption only for storage
• D. Configure firewall rules for VMs

The correct answer is: Implement an organizational policy for Confidential VM instances

Implementing an organizational policy for Confidential VM instances is crucial when it comes to protecting sensitive health information within Virtual Machines (VMs). Confidential VMs utilize special hardware-based security features that help safeguard data while it is being processed in memory, providing a layer of protection known as Confidential Computing. This approach ensures that sensitive data is kept secure from unauthorized access, even from the service provider or any other entities. Confidential VMs also provide an environment where sensitive data remains encrypted in memory while it is being utilized, thereby reducing the risk of exposure to data breaches or leaks. An organization-wide policy ensures that all relevant VMs are subject to these protective measures, thereby maintaining consistency and compliance with security best practices. Other options may address some aspects of security, such as using standard VM instances or configuring firewall rules, but they do not provide the same level of robust security needed for sensitive health information. Data encryption only for storage, while important, does not cover the critical period when the data is being processed. That is why an organization-wide policy specifically for Confidential VM instances is the most effective choice for safeguarding sensitive health data.