What should you do?
You are responsible for managing your company’s identities in Google Cloud. Your company enforces 2-Step Verification (2SV) for all users. You need to reset a user’s access, but the user lost their second factor for 2SV. You want to minimize risk. What should you do?A . On the Google Admin...
What should you do?
Your company recently published a security policy to minimize the usage of service account keys. On-premises Windows-based applications are interacting with Google Cloud APIs. You need to implement Workload Identity Federation (WIF) with your identity provider on-premises. What should you do?A . Set up a workload identity pool with your...
Which solution should this customer use?
A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack. Which solution should this customer use?A . VPC Flow LogsB . Cloud ArmorC . DNS Security ExtensionsD . Cloud Identity-Aware ProxyView AnswerAnswer: C Explanation: Reference: https://cloud.google.com/blog/products/gcp/dnssec-now-available-in-cloud-dns DNSSEC ― use...
Which two implied firewall rules are defined on a VPC network? (Choose two.)
Which two implied firewall rules are defined on a VPC network? (Choose two.)A . A rule that allows all outbound connectionsB . A rule that denies all inbound connectionsC . A rule that blocks all inbound port 25 connectionsD . A rule that blocks all outbound connectionsE . A rule...
How can you work with Infrastructure Operations Engineers to best ensure that Windows Compute Engine VMs are up to date with all the latest OS patches?
A customer deployed an application on Compute Engine that takes advantage of the elastic nature of cloud computing. How can you work with Infrastructure Operations Engineers to best ensure that Windows Compute Engine VMs are up to date with all the latest OS patches?A . Build new base images when...
How should the company accomplish this?
A company has redundant mail servers in different Google Cloud Platform regions and wants to route customers to the nearest mail server based on location. How should the company accomplish this?A . Configure TCP Proxy Load Balancing as a global load balancing service listening on port 995.B . Create a...
What should you do?
Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee’s password has been compromised. What should you do?A . Enforce 2-factor authentication in...
What should the customer do to meet these requirements?
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity- Aware Proxy. What should the customer do to meet these requirements?A . Make sure that the...
Configure private access using the restricted.googleapis.com domains in on-premises DNS configurations.
Configure private access using the restricted.googleapis.com domains in on-premises DNS configurations.View AnswerAnswer: D Explanation: restricted.googleapis.com (199.36.153.4/30) only provides access to Cloud and Developer APIs that support VPC Service Controls. VPC Service Controls are enforced for these services https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid
What technique should the institution use?
A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery. What technique should the institution use?A . Use Cloud Storage as a federated Data Source.B . Use a Cloud...