How should the customer ensure authenticated network separation between the different tiers of the application?
A customer wants to deploy a large number of 3-tier web applications on Compute Engine. How should the customer ensure authenticated network separation between the different tiers of the application?A . Run each tier in its own Project, and segregate using Project labels. B. Run each tier with a different...
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?A . SSL Proxy B. TCP Proxy C. Internal TCP/UDP D. TCP/UDP NetworkView AnswerAnswer: C Explanation: Reference: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_forwarding_rule
Which method should be used to protect employee credentials in this situation?
An organization receives an increasing number of phishing emails. Which method should be used to protect employee credentials in this situation?A . Multifactor Authentication B. A strict password policy C. Captcha on login pages D. Encrypted emailsView AnswerAnswer: D
Which options are necessary to ensure that authentication is supported by the third-party identity provider (IdP)?
You want to use the gcloud command-line tool to authenticate using a third-party single sign-on (SSO) SAML identity provider. Which options are necessary to ensure that authentication is supported by the third-party identity provider (IdP)? (Choose two.)A . SSO SAML as a third-party IdP B. Identity Platform C. OpenID Connect...
What should you do?
You work for a large organization where each business unit has thousands of users. You need to delegate management of access control permissions to each business unit. You have the following requirements: Each business unit manages access controls for their own projects. Each business unit manages access control permissions at...
Which solution will restrict access to the in-progress sites?
A website design company recently migrated all customer sites to App Engine. Some sites are still in progress and should only be visible to customers and company employees from any location. Which solution will restrict access to the in-progress sites?A . Upload an .htaccess file containing the customer and employee...
Which service should be used to accomplish this?
A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities. Which service should be used to accomplish this?A . Cloud Armor B. Google Cloud Audit Logs C. Cloud Security Scanner D. Forseti SecurityView AnswerAnswer: C Explanation: Reference: https://cloud.google.com/security-scanner/
How should you advise this organization?
An organization’s typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review. How should you advise this organization?A . Use Forseti with Firewall filters to catch...
What should you do?
You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project. What should you do?A . Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the...
Which tool should you use?
You are the project owner for a regulated workload that runs in a project you own and manage as an Identity and Access Management (IAM) admin. For an upcoming audit, you need to provide access reviews evidence. Which tool should you use?A . Policy Troubleshooter B. Policy Analyzer C. IAM...