- All Exams Instant Download
What should you do?
You run applications on Cloud Run. You already enabled container analysis for vulnerability scanning. However, you are concerned about the lack of control on the applications that are deployed. You must ensure that only trusted container images are deployed on Cloud Run. What should you do? Choose 2 answersA ....
How should you prevent and fix this vulnerability?
You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser...
Which two implied firewall rules are defined on a VPC network? (Choose two.)
Which two implied firewall rules are defined on a VPC network? (Choose two.)A . A rule that allows all outbound connectionsB . A rule that denies all inbound connectionsC . A rule that blocks all inbound port 25 connectionsD . A rule that blocks all outbound connectionsE . A rule...
Which two implied firewall rules are defined on a VPC network? (Choose two.)
Which two implied firewall rules are defined on a VPC network? (Choose two.)A . A rule that allows all outbound connectionsB . A rule that denies all inbound connectionsC . A rule that blocks all inbound port 25 connectionsD . A rule that blocks all outbound connectionsE . A rule...
Process Cloud Storage objects in SIEM.
Process Cloud Storage objects in SIEM.View AnswerAnswer: C Explanation: "Your team needs to obtain a unified log view of all development cloud projects in your SIEM" - This means we are ONLY interested in development projects. "The development projects are under the NONPROD organization folder with the test and pre-production...
Which two implied firewall rules are defined on a VPC network? (Choose two.)
Which two implied firewall rules are defined on a VPC network? (Choose two.)A . A rule that allows all outbound connectionsB . A rule that denies all inbound connectionsC . A rule that blocks all inbound port 25 connectionsD . A rule that blocks all outbound connectionsE . A rule...
Which two strategies should your team use to meet these requirements?
A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are accessing data stored on Cloud Storage. Your team wants to make sure that this workload will not be able to access, or be accessed from, the internet. Which two strategies should your team...
Which solution should your team implement to meet these requirements?
An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request. Your team wants to avoid exposing the application directly on the internet and...
Which organization-level policy constraint should you enable?
You want to prevent users from accidentally deleting a Shared VPC host project. Which organization-level policy constraint should you enable?A . compute.restrictSharedVpcHostProjectsB . compute.restrictXpnProjectLienRemovalC . compute.restrictSharedVpcSubnetworksD . compute.sharedReservationsOwnerProjectsView AnswerAnswer: B Explanation: Reference: https://cloud.google.com/vpc/docs/provisioning-shared-vpc https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints#constraints-for-specific-services - constraints/compute.restrictXpnProjectLienRemoval - Restrict shared VPC project lien removal This boolean constraint restricts the set of...
Which two log streams would provide the information that the administrator is looking for?
Applications often require access to “secrets” - small pieces of sensitive data at build or run time. The administrator managing these secrets on GCP wants to keep a track of “who did what, where, and when?” within their GCP projects. Which two log streams would provide the information that the...
