- All Exams Instant Download
How should the customer ensure authenticated network separation between the different tiers of the application?
A customer wants to deploy a large number of 3-tier web applications on Compute Engine. How should the customer ensure authenticated network separation between the different tiers of the application?A . Run each tier in its own Project, and segregate using Project labels.B . Run each tier with a different Service...
Which two roles should your team restrict?
Your team wants to limit users with administrative privileges at the organization level. Which two roles should your team restrict? (Choose two.)A . Organization AdministratorB . Super AdminC . GKE Cluster AdminD . Compute AdminE . Organization Role ViewerView AnswerAnswer: A,B Explanation: Reference: https://cloud.google.com/resource-manager/docs/creating-managing-organization
What should you do?
A company is backing up application logs to a Cloud Storage bucket shared with both analysts and the administrator. Analysts should only have access to logs that do not contain any personally identifiable information (PII). Log files containing PII should be stored in another bucket that is only accessible by...
Which two tasks should your team perform to handle this request?
Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester. Which two tasks should your team perform to handle this request? (Choose two.)A . Remove all users from the Project Creator role at the...
What should you do?
You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and Access Management (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys. What should you...
What should you do to meet these requirements?
A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other...
Where should you export the logs?
A manager wants to start retaining security event logs for 2 years while minimizing costs. You write a filter to select the appropriate log entries. Where should you export the logs?A . BigQuery datasetsB . Cloud Storage bucketsC . StackDriver loggingD . Cloud Pub/Sub topicsView AnswerAnswer: B Explanation: Reference: https://cloud.google.com/logging/docs/exclusions
What should you do?
Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process. What should you do?A . Use the Cloud Key Management Service to manage a data encryption key (DEK).B . Use the Cloud Key Management Service to manage a key...
Which boot disk encryption solution should you use on the cluster to meet this customers requirements?
A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They have a requirement to be able to manage and rotate the encryption keys. Which boot disk encryption solution should you use on the...
What should you do?
While migrating your organizations infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password. What should...
