Complete the code to specify the compliance certification in the GCP resource labels.
resource_labels = {"compliance": "[1]"}The label "compliance" should be set to a valid compliance certification like "ISO27001" to indicate the resource meets that standard.
Complete the code to enable the GCP service that helps manage compliance and security policies.
gcloud services enable [1]The Security Command Center API (securitycenter.googleapis.com) helps manage compliance and security policies in GCP.
Fix the error in the command to list compliance certifications for a GCP project.
gcloud asset search-all-resources --scope=projects/[1] --query="labels.compliance:ISO27001"
The scope parameter requires the project ID without the 'projects/' prefix. Using just the project ID like 'my-project-123' is correct.
Fill both blanks to create a policy binding that grants the Security Reviewer role to a user for compliance auditing.
gcloud projects add-iam-policy-binding [1] \ --member='user:[2]' \ --role='roles/securitycenter.securityReviewer'
The project ID should be the compliance project, and the user email should be the auditor's email to grant the Security Reviewer role correctly.
Fill all three blanks to define an organization policy that restricts VM instances to only use compliant machine types.
gcloud org-policies set-policy [1] \ --organization=[2] \ --policy-from-file=[3]
The constraint 'compute.allowedMachineTypes' restricts machine types. The organization ID is numeric, and the policy file defines the restriction.