What should you do?
You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer. What should you do?A . Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both...
What should you do?
Your organization is using GitHub Actions as a continuous integration and delivery (Cl/CD) platform. You must enable access to Google Cloud resources from the Cl/CD pipelines in the most secure way. What should you do?A . Create a service account key and add it to the GitHub pipeline configuration file.B...
What are the steps to encrypt data using envelope encryption?
What are the steps to encrypt data using envelope encryption?A . Generate a data encryption key (DEK) locally. Use a key encryption key (KEK) to wrap the DEK. Encrypt data with the KEK. Store the encrypted data and the wrapped KEK.B . Generate a key encryption key (KEK) locally. Use...
Which GCP product should the customer implement to meet these requirements?
A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP). The CRM can only be accessed by someone on the corporate network. The customer wants to make it available over the internet. Your team requires...
How should the customer achieve this using Google Cloud Platform?
A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system. How should the customer achieve this using Google Cloud Platform?A . Use Cloud Source Repositories, and store secrets in Cloud SQL.B . Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store...
What should you do?
You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account. What should you do?A . Query Data Access logs.B . Query Admin Activity logs.C . Query Access Transparency logs.D . Query Stackdriver Monitoring Workspace.View...
Which Identity-Aware Proxy role should you grant to an Identity and Access Management (IAM) user to access HTTPS resources?
Which Identity-Aware Proxy role should you grant to an Identity and Access Management (IAM) user to access HTTPS resources?A . Security ReviewerB . lAP-Secured Tunnel UserC . lAP-Secured Web App UserD . Service Broker OperatorView AnswerAnswer: C Explanation: IAP-Secured Tunnel User: Grants access to tunnel resources that use IAP. IAP-Secured...
What should you do?
You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a...
How should you enforce this?
Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed service account keys for projects in their organization. How should you enforce this?A . Configure Secret Manager to manage service account keys.B . Enable...
What should you do?
You work for an organization in a regulated industry that has strict data protection requirements. The organization backs up their data in the cloud. To comply with data privacy regulations, this data can only be stored for a specific length of time and must be deleted after this specific period....