Google Cloud Professional Cloud Security Engineer Practice Exam

What Google Cloud feature can be used to ensure data integrity and security on Compute Engine VMs?

• A. Use Standard VMs with additional configured firewalls.
• B. Use Google Shielded VMs and activate Confidential Computing.
• C. Implement Multi-Account Architecture.
• D. Ensure that all VMs are publicly available.

The correct answer is: Use Google Shielded VMs and activate Confidential Computing.

Using Google Shielded VMs combined with Confidential Computing is an effective way to ensure both data integrity and security on Compute Engine VMs. Shielded VMs provide a strong security posture by incorporating features such as secure boot, measured boot, and virtual trusted platform module (vTPM). These elements help protect the virtual machine from boot-time malware and secure the execution environment. Confidential Computing further enhances data security by encrypting data in use. This means that sensitive data can be processed without ever being exposed to the computing environment, limiting the risk of data leakage during processing. By combining these features, organizations can create a robust security model that protects their resources even from threats that may arise within their own environment or from unauthorized access. Utilizing just standard VMs with additional firewalls does not provide the same level of data protection as Shielded VMs, as it lacks advanced security features that address vulnerabilities at the hardware and firmware levels. Multi-Account Architecture, while beneficial for separating workloads and managing access, does not directly address the integrity and security of the VMs themselves. Ensuring all VMs are publicly available is contrary to best security practices and would expose them to unnecessary risk.