- All Exams Instant Download
What should you do?
A companys application is deployed with a user-managed Service Account key. You want to use Google- recommended practices to rotate the key. What should you do?A . Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam-account=IAM_ACCOUNC . Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam-account=IAM_ACCOUNT --key=NEW_KEE ....
Which Cloud Data Loss Prevention API technique should you use to accomplish this?
An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier. Which Cloud Data Loss Prevention API technique should...
Which option meets the requirement of your team?
An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege. Which option meets the requirement of your team?A . Create a Cloud...
What should the customer do to meet these requirements?
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity-Aware Proxy. What should the customer do to meet these requirements?A . Make sure that the ERP...
Process Cloud Storage objects in SIEM.
Process Cloud Storage objects in SIEM.View AnswerAnswer: B
How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?
How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?A . Send all logs to the SIEM system via an existing protocol such as syslog.B . Configure every project to export all their logs to a common BigQuery DataSet, which will be queried by the...
Which product should be used to meet these requirements?
A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer’s internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only...
Which service should be used to accomplish this?
A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities. Which service should be used to accomplish this?A . Cloud ArmorB . Google Cloud Audit LogsC . Cloud Security ScannerD . Forseti SecurityView AnswerAnswer: C Explanation: Reference: https://cloud.google.com/security-scanner/
What should you do?
A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs. What should...
Which Cloud Identity password guidelines can the organization use to inform their new requirements?
An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters. Which Cloud Identity password guidelines can the organization...
