GCP Security Best Practices Quiz

Evaluate your knowledge of key security best practices in Google Cloud Platform environments. This quiz covers topics such as identity management, data protection, network security, and compliance measures for robust cloud security strategies.

  1. Identity and Access Management

    Which practice helps minimize potential risk when assigning permissions to users in a cloud environment?

    1. Allow inherited permissions at the top level only
    2. Grant the least privilege necessary to each user
    3. Assign users to global admin roles by default
    4. Group all users under the same access level for simplicity

    Explanation: Granting the least privilege necessary reduces the chance of accidental or intentional misuse by ensuring users have only the access required for their tasks. Assigning global admin roles by default or using top-level inherited permissions exposes resources to excessive access. Grouping all users under the same level ignores specific role requirements, increasing overall risk.

  2. Data Encryption

    What is considered a best practice for securing sensitive data stored in cloud storage buckets?

    1. Store encryption keys in plaintext within the same bucket
    2. Enable encryption at rest for the buckets
    3. Use outdated encryption algorithms for compatibility
    4. Disable all encryption to improve performance

    Explanation: Enabling encryption at rest ensures that stored data is protected from unauthorized access, even if physical media is compromised. Using outdated algorithms may leave data vulnerable, and storing keys alongside the data defeats the purpose of encryption. Disabling encryption for performance purposes sacrifices security and is not advisable.

  3. Network Security

    When configuring network firewalls for virtual machines, which approach enhances security?

    1. Use identical firewall rules for all environments regardless of use case
    2. Open all ports to any IP address for maximum accessibility
    3. Disable firewall rules to avoid configuration errors
    4. Allow traffic only from necessary sources and ports

    Explanation: Restricting traffic to only what is needed limits the exposure of resources and reduces the attack surface. Opening all ports or disabling firewalls increases vulnerability to attacks. Using the same firewall rules everywhere fails to account for variations in risk and requirements between environments.

  4. Audit and Monitoring

    Why is it important to enable detailed logging and regularly review security logs in your cloud environment?

    1. To automatically fix all vulnerabilities without human intervention
    2. So all users can access logs and make changes to them
    3. Because it reduces storage costs for the organization
    4. To detect unusual activity and respond quickly to incidents

    Explanation: Detailed logging allows teams to spot suspicious behavior and investigate breaches efficiently. It does not necessarily reduce costs, and unrestricted log access could create more security issues. Reviewing logs will not automatically resolve vulnerabilities; human analysis and action are required.

  5. Compliance and Resource Management

    Which method helps maintain compliance and reduce risk with unused cloud resources?

    1. Regularly identify and remove or quarantine unused resources
    2. Share unused resources publicly to maximize utilization
    3. Leave all resources running for convenience
    4. Rely solely on automated alerts without follow-up

    Explanation: Regularly cleaning up unused resources limits exposure to vulnerabilities and supports compliance by reducing unnecessary risk. Leaving resources running increases the surface area for attacks. Trusting only automated alerts without action is insufficient, and sharing resources publicly can result in unintended data exposure.