- All Exams Instant Download
Which option meets the requirement of your team?
An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege. Which option meets the requirement of your team?A . Create a Cloud...
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?A . SSL ProxyB . TCP ProxyC . Internal TCP/UDPD . TCP/UDP NetworkView AnswerAnswer: C Explanation: Reference: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_forw arding_rule
What should you do?
You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer. What should you do?A . Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEB . Store...
In a shared security responsibility model for IaaS, which two layers of the stack does the customer share responsibility for? (Choose two.)
In a shared security responsibility model for IaaS, which two layers of the stack does the customer share responsibility for? (Choose two.)A . HardwareB . Network SecurityC . Storage EncryptionD . Access PoliciesE . BootView AnswerAnswer: C,D
Which two steps should the company take to meet these requirements?
A customer has 300 engineers. The company wants to grant different levels of access and efficiently manage IAM permissions between users in the development and production environment projects. Which two steps should the company take to meet these requirements? (Choose two.)A . Create a project with multiple VPC networks for...
What should you do?
You will create a new Service Account that should be able to list the Compute Engine instances in the project. You want to follow Google-recommended practices. What should you do?A . Create an Instance Template, and allow the Service Account Read Only access for the Compute Engine Access Scope.B ....
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?A . SSL ProxyB . TCP ProxyC . Internal TCP/UDPD . TCP/UDP NetworkView AnswerAnswer: C Explanation: Reference: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_forw arding_rule
What should you do?
You are creating an internal App Engine application that needs to access a user’s Google Drive on the user’s behalf. Your company does not want to rely on the current user’s credentials. It also wants to follow Google- recommended practices. What should you do?A . Create a new Service account,...
What should you do?
Your company operates an application instance group that is currently deployed behind a Google Cloud load balancer in us-central-1 and is configured to use the Standard Tier network. The infrastructure team wants to expand to a second Google Cloud region, us-east-2. You need to set up a single external IP...
How should the DevOps team accomplish this?
A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE). How should the DevOps team accomplish this?A . Use Puppet or Chef to push out the patch to the running container.B . Verify that auto upgrade is...
