Google Cloud Professional Cloud Security Engineer Practice Exam

What organizational policy can ensure that only trusted operating system images are used in Google Cloud projects?

• A. Allow all images regardless of their source
• B. Implement a policy enforcing boot disks from the trusted image project
• C. Use Google Cloud Marketplace images exclusively
• D. Keep the default settings for image creation

The correct answer is: Implement a policy enforcing boot disks from the trusted image project

Implementing a policy that enforces boot disks from a trusted image project is a robust method for ensuring that only vetted operating system images are used in Google Cloud projects. This approach effectively establishes a controlled environment where only images that originate from a designated, trusted source can be utilized. By defining a specific image project as trusted, organizations can maintain a higher degree of control over the security and compliance of the operating system environments running in their cloud infrastructure. This policy not only helps to mitigate risks associated with using unverified or potentially vulnerable images but also simplifies compliance with organizational security requirements. It ensures that any virtual machine created in the cloud adheres to the organization's security standards by being restricted to images from the approved project, thus minimizing the risk of introducing security flaws or other issues that may arise from untrusted sources. The other options do not provide the same level of assurance regarding image integrity and security. Allowing images from all sources lacks the necessary checks and balances, leading to potential vulnerabilities. Exclusively using Google Cloud Marketplace images might limit flexibility and not account for internal images that meet security requirements. Keeping default settings typically does not include any proactive measures for enforcing security standards.