- All Exams Instant Download
What should you do?
A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs. What should...
What should you do?
You are creating an internal App Engine application that needs to access a user’s Google Drive on the user’s behalf. Your company does not want to rely on the current user’s credentials. It also wants to follow Google- recommended practices. What should you do?A . Create a new Service account,...
How should the DevOps team accomplish this?
A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE). How should the DevOps team accomplish this?A . Use Puppet or Chef to push out the patch to the running container.B . Verify that auto upgrade is...
What should you do to meet these requirements?
A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other...
How should the team complete this task?
A customer’s internal security team must manage its own encryption keys for encrypting data on Cloud Storage and decides to use customer-supplied encryption keys (CSEK). How should the team complete this task?A . Upload the encryption key to a Cloud Storage bucket, and then upload the object to the same...
What should you do?
Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process. What should you do?A . Use the Cloud Key Management Service to manage a data encryption key (DEK).B . Use the Cloud Key Management Service to manage a...
Which two cloud offerings meet this requirement without additional compensating controls?
In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized. Which two cloud offerings meet this requirement without additional compensating controls? (Choose two.)A . App EngineB . Cloud FunctionsC . Compute EngineD . Google Kubernetes EngineE . Cloud StorageView AnswerAnswer: CD Explanation:...
Which Cloud Data Loss Prevention API technique should you use to accomplish this?
An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier. Which Cloud Data Loss Prevention API technique should...
How should the company accomplish this?
A company has redundant mail servers in different Google Cloud Platform regions and wants to route customers to the nearest mail server based on location. How should the company accomplish this?A . Configure TCP Proxy Load Balancing as a global load balancing service listening on port 995.B . Create a...
What should you do?
You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer. What should you do?A . Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both...
