- All Exams Instant Download
Which service should be used to accomplish this?
A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities. Which service should be used to accomplish this?A . Cloud Armor B. Google Cloud Audit Logs C. Cloud Security Scanner D. Forseti SecurityView AnswerAnswer: C Explanation: Reference: https://cloud.google.com/security-scanner/
What solution would help meet the requirements?
An organization is migrating from their current on-premises productivity software systems to G Suite. Some network security controls were in place that were mandated by a regulatory body in their region for their previous on-premises system. The organization’s risk team wants to ensure that network security controls are maintained and...
Configure a virtual appliance using multiple network interfaces, with each interface connected to one of the VPC networks.
Configure a virtual appliance using multiple network interfaces, with each interface connected to one of the VPC networks.View AnswerAnswer: B
What should you do?
Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee’s password has been compromised. What should you do?A . Enforce 2-factor authentication in...
What should your team grant to Engineering Group A to meet this requirement?
Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the firewall rules, subnets, and VPN gateway on the host project. They need to enable Engineering Group A to attach a Compute Engine instance to only the 10.1.1.0/24 subnet. What should...
What should they do?
A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container. What should they do?A . Use Cloud Build to build the container images. B. Build small containers using small base...
How should you accomplish this?
You are setting up a CI/CD pipeline to deploy containerized applications to your production clusters on Google Kubernetes Engine (GKE). You need to prevent containers with known vulnerabilities from being deployed. You have the following requirements for your solution: Must be cloud-native Must be cost-efficient Minimize operational overhead How should...
Which VPC Service Controls mode should you use?
You need to enable VPC Service Controls and allow changes to perimeters in existing environments without preventing access to resources. Which VPC Service Controls mode should you use?A . Cloud Run B. Native C. Enforced D. Dry runView AnswerAnswer: D Explanation: Reference: https://cloud.google.com/vpc-service-controls/docs/service-perimeters
How should you configure the network?
You need to set up a Cloud interconnect connection between your company's on-premises data center and VPC host network. You want to make sure that on-premises applications can only access Google APIs over the Cloud Interconnect and not through the public internet. You are required to only use APIs that...
Which Google 2SV option should you use?
You have noticed an increased number of phishing attacks across your enterprise user accounts. You want to implement the Google 2-Step Verification (2SV) option that uses a cryptographic signature to authenticate a user and verify the URL of the login page. Which Google 2SV option should you use?A . Titan...
