- All Exams Instant Download
How should the team complete this task?
A customer’s internal security team must manage its own encryption keys for encrypting data on Cloud Storage and decides to use customer-supplied encryption keys (CSEK). How should the team complete this task?A . Upload the encryption key to a Cloud Storage bucket, and then upload the object to the same...
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?A . SSL ProxyB . TCP ProxyC . Internal TCP/UDPD . TCP/UDP NetworkView AnswerAnswer: D Explanation: https://cloud.google.com/load-balancing/docs/load-balancing-overview https://cloud.google.com/load-balancing/docs/load-balancing-overview#choosing_a_load_balancer
Which solution should you use?
Your organization recently deployed a new application on Google Kubernetes Engine. You need to deploy a solution to protect the application. The solution has the following requirements: - Scans must run at least once per week - Must be able to detect cross-site scripting vulnerabilities - Must be able to...
What could have caused this alert?
You define central security controls in your Google Cloud environment for one of the folders in your organization you set an organizational policy to deny the assignment of external IP addresses to VMs. Two days later you receive an alert about a new VM with an external IP address under...
Which option meets the requirement of your team?
An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege. Which option meets the requirement of your team?A . Create a Cloud...
Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?
When working with agents in a support center via online chat, an organization’s customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs...
In Cloud KMS, grant your Google Cloud project access to use the key.
In Cloud KMS, grant your Google Cloud project access to use the key.View AnswerAnswer: C Explanation: https://cloud.google.com/kms/docs/ekm#how_it_works - First, you create or use an existing key in a supported external key management partner system. This key has a unique URI or key path. - Next, you grant your Google Cloud...
What should you do?
You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a...
What should you do?
You are responsible for managing your company’s identities in Google Cloud. Your company enforces 2-Step Verification (2SV) for all users. You need to reset a user’s access, but the user lost their second factor for 2SV. You want to minimize risk. What should you do?A . On the Google Admin...
What should you do?
Your company recently published a security policy to minimize the usage of service account keys. On-premises Windows-based applications are interacting with Google Cloud APIs. You need to implement Workload Identity Federation (WIF) with your identity provider on-premises. What should you do?A . Set up a workload identity pool with your...
