Module 2: Securing Compute Engine: Techniques and Best Practices
Looking for ‘Security Best Practices in Google Cloud Module 2 Answers’?
In this post, I provide complete, accurate, and detailed explanations for the answers to Module 2: Securing Compute Engine: Techniques and Best Practices of Course 10: Security Best Practices in Google Cloud – Preparing for Google Cloud Certification: Cloud Security Engineer Professional Certificate.
Whether you’re preparing for quizzes or brushing up on your knowledge, these insights will help you master the concepts effectively. Let’s dive into the correct answers and detailed explanations for each question!
Securing Compute Engine: Techniques and Best Practices
Graded Assignment
1. Which of the following TWO statements about Google Cloud service accounts are TRUE?
- Custom service accounts use “scopes” to control API access.
- VMs without service accounts cannot run APIs.
- Service accounts are a type of identity. ✅
- Virtual Machine (VM) instances use service accounts to run API requests on your behalf. ✅
Explanation:
- Service accounts are a type of Google Cloud identity: not a human user, but a principal that can be granted IAM roles and that applications and VMs use to make authorized API calls.
- A VM uses the service account attached to it. The metadata server issues short-lived access tokens for that account, so code on the VM can call Google APIs on your behalf without managing long-lived keys.
- Access scopes are a legacy, per-instance OAuth mechanism; the effective permission is the intersection of the scope and the account's IAM roles, and the recommended practice is a custom service account controlled by IAM roles rather than scopes, so the "scopes" statement is false.
- A VM created without a service account still runs; it simply has no attached identity for authenticating to Google Cloud APIs, so "cannot run APIs" is false.
2. Which TWO recommendations below ARE considered to be Compute Engine "best practices"?
- Hardened custom images, once added to your Organization’s resources, are then maintained by Google with automatic security patches and other updates.
- Utilize projects and IAM roles to control access to your VMs. ✅
- Cloud Interconnect or Cloud VPN can be used to securely extend your data center network into Google Cloud projects. ✅
- Always run critical VMs with default, scope-based service accounts.
Explanation:
- Separating workloads into projects and controlling who can reach which VMs through IAM roles implements the principle of least privilege and keeps the blast radius of a compromised identity contained.
- Cloud VPN or Cloud Interconnect securely extends your on-premises network into Google Cloud projects and is the recommended way to build hybrid connectivity.
- Custom images are your responsibility: Google patches its public images, not images you build and upload, so a hardened custom image must be rebuilt and redeployed on your own schedule.
- The default Compute Engine service account is broadly privileged (it is typically granted the Editor role on the project), so critical VMs should run with a dedicated, least-privilege service account rather than the default scope-based one.
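As an added example (not part of the course material or the quiz), here is how the answers to questions 1 and 2 fit together in practice: a Terraform configuration that creates a dedicated service account, grants it only the IAM roles the workload needs, and attaches it to a Compute Engine VM instead of the project's default scope-based service account. The project ID, zone, account and instance names, and the two roles chosen are assumptions for illustration.

```hcl
# Added example, not from the course. Assumed inputs: project_id and zone.
variable "project_id" { type = string }
variable "zone" {
  type    = string
  default = "us-central1-a"
}

# A dedicated identity for this workload instead of the default Compute Engine
# service account (which is typically granted roles/editor on the project).
resource "google_service_account" "app_vm" {
  project      = var.project_id
  account_id   = "app-vm-sa"
  display_name = "Service account for the app VM"
}

# Grant only what the workload needs. IAM roles, not access scopes, are the
# control that decides which APIs this identity may call.
locals {
  app_vm_roles = [
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
  ]
}

resource "google_project_iam_member" "app_vm_roles" {
  for_each = toset(local.app_vm_roles)
  project  = var.project_id
  role     = each.value
  member   = "serviceAccount:${google_service_account.app_vm.email}"
}

resource "google_compute_instance" "app" {
  project      = var.project_id
  name         = "app-vm"
  zone         = var.zone
  machine_type = "e2-small"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    network = "default"
    # No access_config block: the VM receives no external IP address.
  }

  # Attach the custom service account. cloud-platform is the broadest OAuth
  # scope; since effective permission is scope INTERSECT IAM role, this leaves
  # the IAM grants above as the only thing limiting what the VM can do.
  service_account {
    email  = google_service_account.app_vm.email
    scopes = ["cloud-platform"]
  }

  # Shielded VM options harden the boot chain of the instance.
  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }
}
```

Apply with `terraform apply -var project_id=<your-project>`; afterwards, `gcloud compute instances describe app-vm --zone <zone>` shows the custom account under `serviceAccounts`, and an access token obtained from the metadata server inside the VM will only succeed against the Logging and Monitoring write APIs granted above.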
3. Which TWO of the following statements are TRUE when discussing the Organization Policy Service?
- Descendants of a targeted resource do not inherit the parent’s Organization Policy.
- Organization Policy Services allow centralized control for how your organization’s resources can be used. ✅
- To define an Organization Policy, you will choose and then define a constraint against either a Google Cloud service or a group of Google Cloud services. ✅
Explanation:
- The Organization Policy Service gives centralized, programmatic control over how your organization's resources can be used: which services may be enabled, where resources may be created, whether VMs may have external IPs, and so on.
- A policy is defined by choosing a constraint (a boolean constraint that is either enforced or not, or a list constraint with allowed and denied values) that targets one Google Cloud service or a group of services, and attaching it at the organization, folder, or project level.
- Policies are inherited by the descendants of the resource they are attached to; a policy set lower in the hierarchy can refine or override the inherited one, so the "descendants do not inherit" statement is false.
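As an added example (not from the course), the following Terraform configuration defines the two kinds of constraint described above: a boolean constraint enforced at the organization node, which every folder and project beneath it inherits, and a list constraint restricting external IPs that one project explicitly overrides for a single bastion host. The organization ID, project ID, zone and instance name are assumptions.

```hcl
# Added example, not from the course. Assumed inputs: org_id, project_id, zone.
variable "org_id"     { type = string }
variable "project_id" { type = string }
variable "zone" {
  type    = string
  default = "us-central1-a"
}

# Boolean constraint targeting the Compute Engine service, enforced at the
# organization. Every folder and project below inherits it unless a
# descendant sets its own policy for the same constraint.
resource "google_organization_policy" "require_shielded_vm" {
  org_id     = var.org_id
  constraint = "compute.requireShieldedVm"

  boolean_policy {
    enforced = true
  }
}

# List constraint at the organization: deny external IPs on every VM.
resource "google_organization_policy" "no_external_ip" {
  org_id     = var.org_id
  constraint = "compute.vmExternalIpAccess"

  list_policy {
    deny {
      all = true
    }
  }
}

# The same constraint refined on one project: exactly one bastion instance is
# allowed an external IP. inherit_from_parent = false replaces the inherited
# deny-all rule for this project instead of merging with it (a denied value
# would otherwise win); every other project keeps the organization-level deny.
resource "google_project_organization_policy" "bastion_external_ip" {
  project    = var.project_id
  constraint = "compute.vmExternalIpAccess"

  list_policy {
    inherit_from_parent = false
    allow {
      values = ["projects/${var.project_id}/zones/${var.zone}/instances/bastion"]
    }
  }
}
```

After applying, `gcloud resource-manager org-policies describe compute.vmExternalIpAccess --project <project> --effective` shows the merged result for the overriding project, while any other project under the organization reports the inherited deny-all policy.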
Related courses in this certificate:
Course 1: Preparing for Your Professional Cloud Security Engineer Journey
Course 2: Google Cloud Fundamentals: Core Infrastructure
Course 3: Networking in Google Cloud: Fundamentals
Course 4: Networking in Google Cloud: Routing and Addressing
Course 5: Networking in Google Cloud: Network Architecture
Course 6: Networking in Google Cloud: Network Security
Course 7: Networking in Google Cloud: Load Balancing
Course 8: Networking in Google Cloud: Hybrid and Multicloud
Course 9: Managing Security in Google Cloud
Course 11: Mitigating Security Vulnerabilities on Google Cloud
Course 12: Logging and Monitoring in Google Cloud
Course 13: Observability in Google Cloud
Course 14: Hands-On Labs in Google Cloud for Security Engineers