CLOUD-DIGITAL-LEADER · Question #175
An organization operates their entire IT infrastructure from Google Cloud. What should they do to prepare for data breaches?
The correct answer is C. Create an incident plan to mitigate impacts. Under the shared responsibility model, organizations running on Google Cloud must prepare their own incident response plan to detect, contain, and recover from data breaches since cloud infrastructure security does not eliminate application-layer or data-handling responsibilities
Question
An organization operates their entire IT infrastructure from Google Cloud. What should they do to prepare for data breaches?
Options
- AReduce reliance on multi-factor authentication
- BData security is Google's responsibility, so preparation is minimal
- CCreate an incident plan to mitigate impacts
- DStrengthen their data center perimeter security
How the community answered
(18 responses)- A6% (1)
- B11% (2)
- C78% (14)
- D6% (1)
Why each option
Under the shared responsibility model, organizations running on Google Cloud must prepare their own incident response plan to detect, contain, and recover from data breaches since cloud infrastructure security does not eliminate application-layer or data-handling responsibilities.
Reducing multi-factor authentication weakens identity security controls and directly increases the risk of unauthorized access, making it counterproductive to breach prevention.
Under the shared responsibility model, Google secures the underlying infrastructure but the customer is responsible for data classification, IAM configuration, application security, and incident response - preparation cannot be minimal.
Creating an incident response plan is a security best practice required regardless of cloud provider because the shared responsibility model places data classification, access control, and breach response squarely on the customer. A documented plan defines roles, communication procedures, containment steps, and recovery actions, enabling the organization to minimize the impact and duration of a breach when it occurs.
If the entire IT infrastructure runs on Google Cloud there is no physical on-premises data center perimeter to strengthen, making this control irrelevant to the described environment.
Concept tested: Shared responsibility model and incident response planning
Source: https://cloud.google.com/architecture/framework/security/data-security
Topics
Community Discussion
No community discussion yet for this question.