- All Exams Instant Download
Which organization-level policy constraint should you enable?
You want to prevent users from accidentally deleting a Shared VPC host project. Which organization-level policy constraint should you enable?A . compute.restrictSharedVpcHostProjectsB . compute.restrictXpnProjectLienRemovalC . compute.restrictSharedVpcSubnetworksD . compute.sharedReservationsOwnerProjectsView AnswerAnswer: B Explanation: Reference: https://cloud.google.com/vpc/docs/provisioning-shared-vpc https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints#constraints-for-specific-services - constraints/compute.restrictXpnProjectLienRemoval - Restrict shared VPC project lien removal This boolean constraint restricts the set of...
Which two log streams would provide the information that the administrator is looking for?
Applications often require access to “secrets” - small pieces of sensitive data at build or run time. The administrator managing these secrets on GCP wants to keep a track of “who did what, where, and when?” within their GCP projects. Which two log streams would provide the information that the...
What should you do?
You have an application where the frontend is deployed on a managed instance group in subnet A and the data layer is stored on a mysql Compute Engine virtual machine (VM) in subnet B on the same VPC. Subnet A and Subnet B hold several other Compute Engine VMs. You...
Which connectivity option should be implemented?
A customer is collaborating with another company to build an application on Compute Engine. The customer is building the application tier in their GCP Organization, and the other company is building the storage tier in a different GCP Organization. This is a 3-tier web application. Communication between portions of the...
What should you do?
You are auditing all your Google Cloud resources in the production project. You want to identity all principals who can change firewall rules. What should you do?A . Use Policy Analyzer lo query the permissions compute, firewalls, create of compute, firewalls. Create of compute,firewalls.delete.B . Reference the Security Health Analytics...
What should you do?
Your company is using Cloud Dataproc for its Spark and Hadoop jobs. You want to be able to create, rotate, and destroy symmetric encryption keys used for the persistent disks used by Cloud Dataproc. Keys can be stored in the cloud. What should you do?A . Use the Cloud Key...
How should you manage these consumer user accounts with Cloud Identity?
You are onboarding new users into Cloud Identity and discover that some users have created consumer user accounts using the corporate domain name. How should you manage these consumer user accounts with Cloud Identity?A . Use Google Cloud Directory Sync to convert the unmanaged user accounts.B . Create a new...
What should your team grant to Engineering Group A to meet this requirement?
Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the firewall rules, subnets, and VPN gateway on the host project. They need to enable Engineering Group A to attach a Compute Engine instance to only the 10.1.1.0/24 subnet. What should...
What should you do?
You are the security admin of your company. Your development team creates multiple GCP projects under the "implementation" folder for several dev, staging, and production workloads. You want to prevent data exfiltration by malicious insiders or compromised code by setting up a security perimeter. However, you do not want to...
What should you do?
You will create a new Service Account that should be able to list the Compute Engine instances in the project. You want to follow Google-recommended practices. What should you do?A . Create an Instance Template, and allow the Service Account Read Only access for the Compute Engine Access Scope.B ....
