- All Exams Instant Download
Which solution should this customer use?
A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack. Which solution should this customer use?A . VPC Flow LogsB . Cloud ArmorC . DNS Security ExtensionsD . Cloud Identity-Aware ProxyView AnswerAnswer: C Explanation: Reference: https://cloud.google.com/blog/products/gcp/dnssec-now-available-in-cloud-dns DNSSEC ― use...
Which two implied firewall rules are defined on a VPC network? (Choose two.)
Which two implied firewall rules are defined on a VPC network? (Choose two.)A . A rule that allows all outbound connectionsB . A rule that denies all inbound connectionsC . A rule that blocks all inbound port 25 connectionsD . A rule that blocks all outbound connectionsE . A rule...
How can you work with Infrastructure Operations Engineers to best ensure that Windows Compute Engine VMs are up to date with all the latest OS patches?
A customer deployed an application on Compute Engine that takes advantage of the elastic nature of cloud computing. How can you work with Infrastructure Operations Engineers to best ensure that Windows Compute Engine VMs are up to date with all the latest OS patches?A . Build new base images when...
How should the company accomplish this?
A company has redundant mail servers in different Google Cloud Platform regions and wants to route customers to the nearest mail server based on location. How should the company accomplish this?A . Configure TCP Proxy Load Balancing as a global load balancing service listening on port 995.B . Create a...
What should you do?
Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee’s password has been compromised. What should you do?A . Enforce 2-factor authentication in...
What should the customer do to meet these requirements?
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity- Aware Proxy. What should the customer do to meet these requirements?A . Make sure that the...
Configure private access using the restricted.googleapis.com domains in on-premises DNS configurations.
Configure private access using the restricted.googleapis.com domains in on-premises DNS configurations.View AnswerAnswer: D Explanation: restricted.googleapis.com (199.36.153.4/30) only provides access to Cloud and Developer APIs that support VPC Service Controls. VPC Service Controls are enforced for these services https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid
What technique should the institution use?
A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery. What technique should the institution use?A . Use Cloud Storage as a federated Data Source.B . Use a Cloud...
Which two actions should you take?
You need to provide a corporate user account in Google Cloud for each of your developers and operational staff who need direct access to GCP resources. Corporate policy requires you to maintain the user identity in a third-party identity management provider and leverage single sign-on. You learn that a significant...
What could have caused this alert?
You define central security controls in your Google Cloud environment for one of the folders in your organization you set an organizational policy to deny the assignment of external IP addresses to VMs. Two days later you receive an alert about a new VM with an external IP address under...
