Your company wishes to install an internal application in a custom VPC on Managed Instance. You have been tasked with ensuring that no traffic can access the internet. Which of the following contributes to meeting the requirement? Select TWO.
Question 2 of 29
2. Question
1 point(s)
Your company’s on-premises network hosts applications. You have been tasked with making it possible for on-premises systems to connect to Google APIs and services in a secure manner. How will you accomplish this? Select TWO.
Question 3 of 29
3. Question
1 point(s)
A GCP VPC has two subnets, A and B, each with one Compute Engine instance. You’ve set up two firewall rules with logging turned on.
• Rule 1 is an egress firewall rule that denies communication from network instances to subnet B on port 80.
• Rule 2 is an ingress firewall rule that allows traffic from subnet A on port 80 to all instances in the network.
Subnet A’s Compute Engine tries to connect to Subnet B’s Compute Engine.
Which of the following assertions is TRUE?
Question 4 of 29
4. Question
1 point(s)
A company wishes to move some of its applications to Google Cloud. You are in charge of managing authentication to cloud resources. Which of the following is NOT a best practice for authentication management?
Question 5 of 29
5. Question
1 point(s)
The Compute Engine instances in your company’s Google project use service accounts to authenticate with other services. You have been entrusted with handling the service account key rotation. Which of the following is NOT a step in the process of changing service account keys?
Question 6 of 29
6. Question
1 point(s)
A company’s Google organization houses a number of projects. There is a requirement to offer temporary access to resources across many projects for a few hours. Following best practices for access management, which of the following options do you think is best?
Question 7 of 29
7. Question
1 point(s)
You are a member of a worldwide gaming company’s security team. The company has developed a new application that will be hosted on GKE behind an HTTP(S) load balancer. The organization does not want the load balancer to allow traffic from clients that are using out-of-date SSL features. Which of the following load balancer policies will NOT satisfy the requirement?
Question 8 of 29
8. Question
1 point(s)
A financial services firm is transferring its resources to the cloud. The security staff will be in charge of assigning permissions to Google Cloud users. Which of the following statements is NOT correct?
Question 9 of 29
9. Question
1 point(s)
A security team wishes to strengthen the present access control established in the Google Cloud organization in accordance with Google’s best practices. Which of the following is NOT a best practice for access control management?
Question 10 of 29
10. Question
1 point(s)
Your organization wants to run many applications in pods on a Google Kubernetes Engine Cluster. The apps necessitate access to various Google services and APIs. Which of the following approaches to granting access in a GKE environment is recommended?
Question 11 of 29
11. Question
1 point(s)
As a security engineer, you work for a healthcare firm. A new web-facing application has been deployed on Managed Instance Groups behind an HTTP(S) load balancer. The Load Balancer is set up with the default SSL policy. Which of the following statements is TRUE?
Question 12 of 29
12. Question
1 point(s)
Your customer is in charge of a large amount of financial transaction data. This data is kept in a Cloud Storage bucket with a locked retention policy and a lifecycle policy in place. The operation failed when an authorized security engineer attempted to delete a file from the bucket. Which of the following statements is TRUE?
Question 13 of 29
13. Question
1 point(s)
Your organization’s network security is managed by your security team. There is a requirement for Compute Engine Instances without external IPs to be able to access Google APIs.
What can you do to achieve this?
Question 14 of 29
14. Question
1 point(s)
A startup company wants to deploy applications using the default VPC. There is a requirement to verify that no internet traffic enters or exits the VPC. What steps can you take to fulfill this requirement?
Question 15 of 29
15. Question
1 point(s)
A customer wants to continue using their existing user directory for authentication to the new GCP applications they are developing. What steps can be taken to help satisfy this requirement?
Question 16 of 29
16. Question
1 point(s)
A client fears that their Google project is being used for unapproved purposes and has requested that you evaluate actions performed in the Google project to find any unauthorized activities. What steps can be taken to help satisfy this requirement?
Question 17 of 29
17. Question
1 point(s)
A legal agency that deals with highly sensitive case data is thinking about moving the data to Google Cloud. One significant area of concern is the protection of personally identifiable information (PII) in order to reduce the risk of individuals being identified from the data. Which solution should you use to meet these requirements?
Question 18 of 29
18. Question
1 point(s)
Your team is keeping tabs on a new application that has been launched on Compute Engine instances. Several failed SSH attempts were discovered after studying the logs. When the number of failed logins reaches a certain level, your team would like to be notified. How will you accomplish this?
Question 19 of 29
19. Question
1 point(s)
Your team is in charge of safeguarding your company’s Google VPC network. In the Google project, two VPCs, development and staging VPCs, are peering. A Private Service Connect endpoint has been built in the Staging VPC for connecting to Google APIs. Private Google Access is not enabled in the development VPC. Firewall rules permit traffic to transit between VPCs. The compute instances in the development VPC are unable to connect to the Staging VPC’s Private Service Connect endpoint. Which of the following is NOT the cause of the connectivity problems?
Question 20 of 29
20. Question
1 point(s)
An IT organization just combined with another. Both companies are now using Google Cloud resources. The IT firm has an internal application in their VPC that they want the other company to be able to consume via Private Service Connect. It is your responsibility to configure the Private Service Connect. What should the target be set to?
Question 21 of 29
21. Question
1 point(s)
A firm wishes to deploy its internal applications in one VPC and make them available as public service endpoints to other VPCs. What Google service offers a centralized location for publishing and connecting to services?
Question 22 of 29
22. Question
1 point(s)
A business has launched a service that your company expects to use. It is your team’s responsibility to configure Private Service Connect in your Google Cloud project so that you may access the published service. Which of the following must you have in order to connect to the service?
Question 23 of 29
23. Question
1 point(s)
A financial firm has recently moved its workload to Google Compute Engine. Because of the sensitive nature of the data that the organization processes, the VMs’ operating systems must be patched on a regular basis. The most important requirement is an automated service that can handle the patching of its VM fleet. Which of the GCP services listed below can be used to meet this requirement?
Question 24 of 29
24. Question
1 point(s)
As stated below, your company has defined organizational policies at the organizational and project levels:
• The policy “Enforce public access prevention” is enabled on the organization node.
• Project A has a custom organization policy that specifies inheritFromParent as FALSE and “Restrict VPC peering usage” as Deny All.
• Project B has a custom organization policy that sets inheritFromParent to TRUE and enforces “Disable service account creation.”
Which of the following statements is NOT TRUE?
Question 25 of 29
25. Question
1 point(s)
A customer wishes to limit the images used to create Compute Engine instances in its Google organization’s projects. The security team is working on a project to produce and store protected images. How can you limit another project to only using images from the security team’s project?
Question 26 of 29
26. Question
1 point(s)
A health-care startup is migrating its applications and data to Google Cloud. The company is in charge of sensitive health data. Which of the following compliance criteria are they required to meet?
Question 27 of 29
27. Question
1 point(s)
A customer has developed a new application that will be deployed on App Engine behind an HTTP(S) load balancer. You have been assigned the duty of scanning the application with a Web Security Scanner. Which of the following attacks is NOT mitigated by Web Security Scanner?
Question 28 of 29
28. Question
1 point(s)
A customer desires that many teams share a single GKE cluster. Each team is responsible for its own project, which will be deployed to a namespace within the central GKE cluster. You are responsible for ensuring that the logs from each application are sent to the log bucket of the appropriate team. Which of the following will NOT help you attain your goal?
Question 29 of 29
29. Question
1 point(s)
You are a member of your company’s security team, which is in charge of the security of its data in the Google Cloud. They store critical data in the cloud. Which of the following does NOT lessen the possibility of data exposure?