nerdexam
Google

CLOUD-DIGITAL-LEADER · Question #175

An organization operates their entire IT infrastructure from Google Cloud. What should they do to prepare for data breaches?

The correct answer is C. Create an incident plan to mitigate impacts. Under the shared responsibility model, organizations running on Google Cloud must prepare their own incident response plan to detect, contain, and recover from data breaches since cloud infrastructure security does not eliminate application-layer or data-handling responsibilities

Secure and Operate the Cloud Solution

Question

An organization operates their entire IT infrastructure from Google Cloud. What should they do to prepare for data breaches?

Options

  • AReduce reliance on multi-factor authentication
  • BData security is Google's responsibility, so preparation is minimal
  • CCreate an incident plan to mitigate impacts
  • DStrengthen their data center perimeter security

How the community answered

(18 responses)
  • A
    6% (1)
  • B
    11% (2)
  • C
    78% (14)
  • D
    6% (1)

Why each option

Under the shared responsibility model, organizations running on Google Cloud must prepare their own incident response plan to detect, contain, and recover from data breaches since cloud infrastructure security does not eliminate application-layer or data-handling responsibilities.

AReduce reliance on multi-factor authentication

Reducing multi-factor authentication weakens identity security controls and directly increases the risk of unauthorized access, making it counterproductive to breach prevention.

BData security is Google's responsibility, so preparation is minimal

Under the shared responsibility model, Google secures the underlying infrastructure but the customer is responsible for data classification, IAM configuration, application security, and incident response - preparation cannot be minimal.

CCreate an incident plan to mitigate impactsCorrect

Creating an incident response plan is a security best practice required regardless of cloud provider because the shared responsibility model places data classification, access control, and breach response squarely on the customer. A documented plan defines roles, communication procedures, containment steps, and recovery actions, enabling the organization to minimize the impact and duration of a breach when it occurs.

DStrengthen their data center perimeter security

If the entire IT infrastructure runs on Google Cloud there is no physical on-premises data center perimeter to strengthen, making this control irrelevant to the described environment.

Concept tested: Shared responsibility model and incident response planning

Source: https://cloud.google.com/architecture/framework/security/data-security

Topics

#Incident Response#Data Breach Preparedness#Cloud Security#Shared Responsibility Model

Community Discussion

No community discussion yet for this question.

Full CLOUD-DIGITAL-LEADER Practice