Your organization wants to protect all workloads that run on Compute Engine VMs to ensure that the instances weren’t compromised by boot-level or kernel-level malware. Also, you need to use a hardware-based solution to ensure that data in use on the VM cannot be read by the underlying host system.
What should you do?
A. 1. Use Google Shielded VM including secure boot, Virtual Trusted Platform Module (vTPM), and integrity monitoring.
2. Create a Cloud Run function to check for the VM settings, generate metrics, and run the function regularly.
B. 1. Activate Virtual Machine Threat Detection in Security Command Center (SCC) Premium.
2. Monitor the findings in SCC.
C. 1. Use Google Shielded VM including secure boot, Virtual Trusted Platform Module (vTPM), and integrity monitoring.
2. Activate Confidential Computing.
3. Enforce these actions by using organization policies.
D. 1. Use secure hardened images from the Google Cloud Marketplace.
2. When deploying the images, activate the Confidential Computing option.
3. Enforce the use of the correct images and Confidential Computing by using organization policies.
Answer
C