Professional Cloud Security Engineer V2

What are the steps to encrypt data using envelope encryption?A . Generate a data encryption key (DEK) locally. Use a key encryption key (KEK) to wrap the DEK. Encrypt data with the KEK. Store the encrypted data and the wrapped KEK.B . Generate a key encryption key (KEK) locally. Use...

A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP). The CRM can only be accessed by someone on the corporate network. The customer wants to make it available over the internet. Your team requires...

A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system. How should the customer achieve this using Google Cloud Platform?A . Use Cloud Source Repositories, and store secrets in Cloud SQL.B . Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store...

You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account. What should you do?A . Query Data Access logs.B . Query Admin Activity logs.C . Query Access Transparency logs.D . Query Stackdriver Monitoring Workspace.View...

Which Identity-Aware Proxy role should you grant to an Identity and Access Management (IAM) user to access HTTPS resources?A . Security ReviewerB . lAP-Secured Tunnel UserC . lAP-Secured Web App UserD . Service Broker OperatorView AnswerAnswer: C Explanation: IAP-Secured Tunnel User: Grants access to tunnel resources that use IAP. IAP-Secured...

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a...

Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed service account keys for projects in their organization. How should you enforce this?A . Configure Secret Manager to manage service account keys.B . Enable...

You work for an organization in a regulated industry that has strict data protection requirements. The organization backs up their data in the cloud. To comply with data privacy regulations, this data can only be stored for a specific length of time and must be deleted after this specific period....

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a...

You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and Access Management (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys. What should...