- All Exams Instant Download
Which two tasks should your team perform to handle this request?
Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester. Which two tasks should your team perform to handle this request? (Choose two.)A . Remove all users from the Project Creator role at...
What should your team do to meet these requirements?
Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership. What should your team do to meet these requirements?A . Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.B...
What should they do?
A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container. What should they do?A . Use Cloud Build to build the container images.B . Build small containers using small base...
How should the organization achieve this objective?
For compliance reasons, an organization needs to ensure that in-scope PCI Kubernetes Pods reside on “in- scope” Nodes only. These Nodes can only contain the “in-scope” Pods. How should the organization achieve this objective?A . Add a nodeSelector field to the pod configuration to only use the Nodes labeled inscope:...
Which two approaches can you take to meet the requirements?
A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project. Which two approaches can you take to meet the requirements? (Choose two.)A...
Which document should you review to find the information?
You want to evaluate GCP for PCI compliance. You need to identify Google’s inherent controls. Which document should you review to find the information?A . Google Cloud Platform: Customer Responsibility MatrixB . PCI DSS Requirements and Security Assessment ProceduresC . PCI SSC Cloud Computing GuidelinesD . Product documentation for Compute...
What type of Load Balancing should you use?
Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer. What type of Load Balancing should...
What should you do?
You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account. What should you do?A . Query Data Access logs.B . Query Admin Activity logs.C . Query Access Transparency logs.D . Query Stackdriver Monitoring Workspace.View...
What should you do?
Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee’s password has been compromised. What should you do?A . Enforce 2-factor authentication in...
What should you do?
You have an application where the frontend is deployed on a managed instance group in subnet A and the data layer is stored on a mysql Compute Engine virtual machine (VM) in subnet B on the same VPC. Subnet A and Subnet B hold several other Compute Engine VMs. You...
