Which connectivity option should be implemented?

A customer is collaborating with another company to build an application on Compute Engine. The customer is building the application tier in their GCP Organization, and the other company is building the storage tier in a different GCP Organization. This is a 3-tier web application. Communication between portions of the...

October 23, 2022No CommentsREAD MORE +

How should you resolve this error?

You are exporting application logs to Cloud Storage. You encounter an error message that the log sinks don't support uniform bucket-level access policies. How should you resolve this error?A . Change the access control model for the bucket B. Update your sink with the correct bucket destination. C. Add the...

October 23, 2022No CommentsREAD MORE +

Which service should be used to accomplish this?

A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities. Which service should be used to accomplish this?A . Cloud Armor B. Google Cloud Audit Logs C. Cloud Security Scanner D. Forseti SecurityView AnswerAnswer: C Explanation: Reference: https://cloud.google.com/security-scanner/

October 22, 2022No CommentsREAD MORE +

What solution would help meet the requirements?

An organization is migrating from their current on-premises productivity software systems to G Suite. Some network security controls were in place that were mandated by a regulatory body in their region for their previous on-premises system. The organization’s risk team wants to ensure that network security controls are maintained and...

October 22, 2022No CommentsREAD MORE +

Configure a virtual appliance using multiple network interfaces, with each interface connected to one of the VPC networks.

Configure a virtual appliance using multiple network interfaces, with each interface connected to one of the VPC networks.View AnswerAnswer: B

October 22, 2022No CommentsREAD MORE +

What should you do?

Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee’s password has been compromised. What should you do?A . Enforce 2-factor authentication in...

October 22, 2022No CommentsREAD MORE +

What should your team grant to Engineering Group A to meet this requirement?

Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the firewall rules, subnets, and VPN gateway on the host project. They need to enable Engineering Group A to attach a Compute Engine instance to only the 10.1.1.0/24 subnet. What should...

October 22, 2022No CommentsREAD MORE +

What should they do?

A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container. What should they do?A . Use Cloud Build to build the container images. B. Build small containers using small base...

October 22, 2022No CommentsREAD MORE +

How should you accomplish this?

You are setting up a CI/CD pipeline to deploy containerized applications to your production clusters on Google Kubernetes Engine (GKE). You need to prevent containers with known vulnerabilities from being deployed. You have the following requirements for your solution: Must be cloud-native Must be cost-efficient Minimize operational overhead How should...

October 21, 2022No CommentsREAD MORE +

Which VPC Service Controls mode should you use?

You need to enable VPC Service Controls and allow changes to perimeters in existing environments without preventing access to resources. Which VPC Service Controls mode should you use?A . Cloud Run B. Native C. Enforced D. Dry runView AnswerAnswer: D Explanation: Reference: https://cloud.google.com/vpc-service-controls/docs/service-perimeters

October 21, 2022No CommentsREAD MORE +