Question 1

A financial services company is deploying a highly sensitive application on Compute Engine. To meet PCI-DSS compliance, the architecture must ensure that: 1) VM memory is encrypted in use, 2) The OS boot process is cryptographically verified, and 3) VMs do not have public IP addresses. Which THREE features should you enable? (Select THREE)

Accepted Answer

Match the three requirements to their specific GCP features: Memory encryption = Confidential VMs. Boot verification = Shielded VMs. No public IPs = Private Google Access.

Question 2

What mistakes do candidates make on this GCP PCA question?

Accepted Answer

Selecting Sole-tenant nodes (E). While good for compliance, it solves physical isolation, not memory encryption or boot integrity.

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 4

More questions from this exam