Google Cloud Professional Cloud Security Engineer Practice Exam

What scanning solution should be used for an application deployed on Google Kubernetes Engine to detect vulnerabilities?

• A. Web Application Firewall
• B. Web Security Scanner
• C. Vulnerability Scanner
• D. Security Command Center

The correct answer is: Web Security Scanner

The Web Security Scanner is specifically designed to identify vulnerabilities in applications deployed on Google Kubernetes Engine (GKE). It scans web applications for common security issues such as cross-site scripting (XSS), cross-site forgery (CSRF), and other vulnerabilities that may affect the security of your application. This scanning solution is integrated with Google Cloud Platform, making it particularly suited for GKE environments. It utilizes a comprehensive set of checks tailored to web applications, which helps developers and security teams quickly identify and remediate potential vulnerabilities before they are exploited. Given that GKE hosts containerized applications, ensuring that these applications are free from security weaknesses is vital, and the Web Security Scanner addresses this need effectively. In contrast, while other options may have security functionalities, they do not focus specifically on detecting vulnerabilities within applications deployed on GKE. A Web Application Firewall primarily protects applications by filtering and monitoring HTTP traffic, rather than conducting vulnerability scans. A Vulnerability Scanner may refer to different tools that can scan for vulnerabilities across various environments but may not be optimized for web applications. The Security Command Center provides overall security visibility across Google Cloud resources but does not specifically target scanning applications for web vulnerabilities.