Which option should you recommend?
You are asked to recommend a solution to store and retrieve sensitive configuration data from an application that runs on Compute Engine. Which option should you recommend?A . Cloud Key Management Service B. Compute Engine guest attributes C. Compute Engine custom metadata D. Secret ManagerView AnswerAnswer: A Explanation: Reference: https://www.freecodecamp.org/news/google-cloud-platform-from-zero-to-hero/
Which Google Cloud product should you use?
You manage your organization's Security Operations Center (SOC). You currently monitor and detect network traffic anomalies in your Google Cloud VPCs based on packet header information. However, you want the capability to explore network flows and their payload to aid investigations. Which Google Cloud product should you use?A . Marketplace...
What should you do?
You want to update your existing VPC Service Controls perimeter with a new access level. You need to avoid breaking the existing perimeter with this change, and ensure the least disruptions to users while minimizing overhead. What should you do?A . Create an exact replica of your existing perimeter. Add...
Which two settings must remain disabled to meet these requirements?
Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services. Which two settings must remain disabled to meet these requirements? (Choose two.)A . Public IP B. IP Forwarding C. Private Google Access D. Static routes...
How should you configure the network?
You need to set up a Cloud interconnect connection between your company's on-premises data center and VPC host network. You want to make sure that on-premises applications can only access Google APIs over the Cloud Interconnect and not through the public internet. You are required to only use APIs that...
How should the organization achieve this objective?
For compliance reasons, an organization needs to ensure that in-scope PCI Kubernetes Pods reside on “in- scope” Nodes only. These Nodes can only contain the “in-scope” Pods. How should the organization achieve this objective?A . Add a nodeSelector field to the pod configuration to only use the Nodes labeled inscope:...
What should you do?
You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer. What should you do?A . Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both...
Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?
When working with agents in a support center via online chat, an organization’s customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs...
What should you do?
You need to centralize your team’s logs for production projects. You want your team to be able to search and analyze the logs using Logs Explorer. What should you do?A . Enable Cloud Monitoring workspace, and add the production projects to be monitored. B. Use Logs Explorer at the organization...
Which logs should the database administrator review?
A database administrator notices malicious activities within their Cloud SQL instance. The database administrator wants to monitor the API calls that read the configuration or metadata of resources. Which logs should the database administrator review?A . Admin Activity B. System Event C. Access Transparency D. Data AccessView AnswerAnswer: C