Hard · 1 mark · Multiple choice
Tags: Domain 3: Designing for Security and Compliance · Compute Engine · Security · Compliance

GCP PCA · Question 44 · Domain 3: Designing for Security and Compliance

A financial services company is deploying a highly sensitive application on Compute Engine. To meet PCI-DSS compliance, the architecture must ensure that: 1) VM memory is encrypted in use, 2) The OS boot process is cryptographically verified, and 3) VMs do not have public IP addresses. Which THREE features should you enable? (Select THREE)

Answer options:

A. Confidential VMs

B. Shielded VMs

C. Private Google Access

D. Cloud Armor

E. Sole-tenant nodes

F. Identity-Aware Proxy (IAP)

How to approach this question

Match the three requirements to their specific GCP features: Memory encryption = Confidential VMs. Boot verification = Shielded VMs. No public IPs = Private Google Access.

Full Answer

To encrypt data in use (in RAM), you must use Confidential VMs (Option A). To cryptographically verify the OS boot process against rootkits/bootkits, you must use Shielded VMs (Option B). To ensure VMs can function without public IPs while still accessing necessary Google services, you must enable Private Google Access on the subnet (Option C).

Common mistakes

Selecting Sole-tenant nodes (E). While useful for compliance, sole-tenant nodes provide physical host isolation; they do not encrypt memory in use or verify boot integrity.
