Professional Cloud Security Engineer V2

Your DevOps team uses Packer to build Compute Engine images by using this process: 1 Create an ephemeral Compute Engine VM. 2 Copy a binary from a Cloud Storage bucket to the VM's file system. 3 Update the VM's package manager. 4 Install external packages from the internet onto the...

Your security team uses encryption keys to ensure confidentiality of user data. You want to establish a process to reduce the impact of a potentially compromised symmetric encryption key in Cloud Key Management Service (Cloud KMS). Which steps should your team take before an incident occurs? (Choose two.)A . Disable...

Your organization processes sensitive health information. You want to ensure that data is encrypted while in use by the virtual machines (VMs). You must create a policy that is enforced across the entire organization. What should you do?A . Implement an organization policy that ensures that all VM resources created...

An organization is migrating from their current on-premises productivity software systems to G Suite. Some network security controls were in place that were mandated by a regulatory body in their region for their previous on-premises system. The organization’s risk team wants to ensure that network security controls are maintained and...

You are backing up application logs to a shared Cloud Storage bucket that is accessible to both the administrator and analysts. Analysts should not have access to logs that contain any personally identifiable information (PII). Log files containing PII should be stored in another bucket that is only accessible to...

You have been tasked with inspecting IP packet data for invalid or malicious content. What should you do?A . Use Packet Mirroring to mirror traffic to and from particular VM instances. Perform inspection using security software that analyzes the mirrored traffic.B . Enable VPC Flow Logs for all subnets in...

A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs. What should...

You are working with a client who plans to migrate their data to Google Cloud. You are responsible for recommending an encryption service to manage their encrypted keys. You have the following requirements: ✑ The master key must be rotated at least once every 45 days. ✑ The solution that...

A large e-retailer is moving to Google Cloud Platform with its ecommerce website. The company wants to ensure payment information is encrypted between the customer’s browser and GCP when the customers checkout online. What should they do?A . Configure an SSL Certificate on an L7 Load Balancer and require encryption.B...

You have a highly sensitive BigQuery workload that contains personally identifiable information (Pll) that you want to ensure is not accessible from the internet. To prevent data exfiltration only requests from authorized IP addresses are allowed to query your BigQuery tables. What should you do?A . Use service perimeter and...