- All Exams Instant Download
Which two roles should your team restrict?
Your team wants to limit users with administrative privileges at the organization level. Which two roles should your team restrict? (Choose two.)A . Organization Administrator B. Super Admin C. GKE Cluster Admin D. Compute Admin E. Organization Role ViewerView AnswerAnswer: A,B Explanation: Reference: https://cloud.google.com/resource-manager/docs/creating-managing-organization
Which service should you use?
Your company’s cloud security policy dictates that VM instances should not have an external IP address. You need to identify the Google Cloud service that will allow VM instances without external IP addresses to connect to the internet to update the VMs. Which service should you use?A . Identity Aware-Proxy...
What should you do?
A company is running their webshop on Google Kubernetes Engine and wants to analyze customer transactions in BigQuery. You need to ensure that no credit card numbers are stored in BigQuery What should you do?A . Create a BigQuery view with regular expressions matching credit card numbers to query and...
Which Google 2SV option should you use?
You have noticed an increased number of phishing attacks across your enterprise user accounts. You want to implement the Google 2-Step Verification (2SV) option that uses a cryptographic signature to authenticate a user and verify the URL of the login page. Which Google 2SV option should you use?A . Titan...
How should you configure the network?
You need to set up a Cloud interconnect connection between your company's on-premises data center and VPC host network. You want to make sure that on-premises applications can only access Google APIs over the Cloud Interconnect and not through the public internet. You are required to only use APIs that...
How should you configure the network?
You need to set up a Cloud interconnect connection between your company's on-premises data center and VPC host network. You want to make sure that on-premises applications can only access Google APIs over the Cloud Interconnect and not through the public internet. You are required to only use APIs that...
Where should you export the logs?
A manager wants to start retaining security event logs for 2 years while minimizing costs. You write a filter to select the appropriate log entries. Where should you export the logs?A . BigQuery datasets B. Cloud Storage buckets C. StackDriver logging D. Cloud Pub/Sub topicsView AnswerAnswer: B Explanation: Reference: https://cloud.google.com/logging/docs/exclusions
How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?
How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?A . Send all logs to the SIEM system via an existing protocol such as syslog. B. Configure every project to export all their logs to a common BigQuery DataSet, which will be queried by the...
How should you accomplish this?
You are setting up a CI/CD pipeline to deploy containerized applications to your production clusters on Google Kubernetes Engine (GKE). You need to prevent containers with known vulnerabilities from being deployed. You have the following requirements for your solution: Must be cloud-native Must be cost-efficient Minimize operational overhead How should...
Which service should be used to accomplish this?
A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities. Which service should be used to accomplish this?A . Cloud Armor B. Google Cloud Audit Logs C. Cloud Security Scanner D. Forseti SecurityView AnswerAnswer: C Explanation: Reference: https://cloud.google.com/security-scanner/
