Killtest2022
Uploaded by
21 SLIDES
228 VUES
210LIKES

Updated Professional Cloud Security Engineer Study Guide [Killtest]

DESCRIPTION

Preparing for Professional Cloud Security Engineer Google Cloud Certified - Professional Cloud Security Engineer certification exam for passing Professional Cloud Security Engineer Google exam successfully is guaranteed by Killtest updated Professional Cloud Security Engineer study guide. All Killtest Professional Cloud Security Engineer study guide here are great with actual questions and precise answers to ensure that you can pass Google Professional Cloud Security Engineer exam in the first attempt.

1 / 21

Télécharger la présentation

Updated Professional Cloud Security Engineer Study Guide [Killtest]

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. G OOG LE CLOU D CERTI FI CA TI ON Exam Prof e ssional Cl ou d S e cu rit y Eng ine e r Q u e st ions V10 . 0 2 G oog l e Cl ou d Ce rt if icat ion Top ics - G oog l e Cl ou d Ce rt if ie d - Prof e ssion al Cl ou d S e cu rit y En g in e e r 1 / 22

  2. 1. You are p art of a se cu rit y t e am t hat w ant s t o e nsu re t hat a Cl ou d S t orag e bu cke t in Proj e ct A can onl y be re adabl e f rom Proj e ct B. You al so w ant t o e nsu re t hat dat a in t he Cl ou d S t orag e bu cke t cannot be acce sse d f rom or cop ie d t o Cl ou d S t orag e bu cke t s ou t side t he ne t w ork, e ve n if t he u se r has t he corre ct cre de nt ial s. W hat shou l d you do? A . Enabl e VPC S e rvice Cont rol s, cre at e a p e rim e t e r w it h Proj e ct A and B, and incl u de Cl ou d S t orag e se rvice . B. Enabl e D om ain Re st rict e d S haring O rg aniz at ion Pol icy and Bu cke t Pol icy O nl y on t he Cl ou d S t orag e bu cke t . C. Enabl e Privat e A cce ss in Proj e ct A and B ne t w orks w it h st rict f ire w al l ru l e s t o al l ow com m u nicat ion be t w e e n t he ne t w orks. D . Enabl e VPC Pe e ring be t w e e n Proj e ct A and B ne t w orks w it h st rict f ire w al l ru l e s t o al l ow com m u nicat ion be t w e e n t he ne t w orks. A nsw e r: B Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / re sou rce - m anag e r/ docs/ org aniz at ion- p ol icy/ re st rict ing - dom ains Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online 2 . A n org aniz at ion is e val u at ing t he u se of G oog l e Cl ou d Pl at f orm ( G CP) f or ce rt ain I T w orkl oads. A w e l l - e st abl ishe d dire ct ory se rvice is u se d t o m anag e u se r ide nt it ie s and l if e cycl e m anag e m e nt . This dire ct ory se rvice m u st cont inu e f or t he org aniz at ion t o u se as t he “ sou rce of t ru t h” dire ct ory f or ide nt it ie s. W hich sol u t ion m e e t s t he org aniz at ion' s re q u ire m e nt s? A . G oog l e Cl ou d D ire ct ory S ync ( G CD S ) B. Cl ou d I de nt it y C. S e cu rit y A sse rt ion M arku p Lang u ag e ( S A M L) D . Pu b/ S u b A nsw e r: B Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / sol u t ions/ f e de rat ing - g cp - w it h- act ive - dire ct ory- int rodu ct ion 3. You r com p any has de p l oye d an ap p l icat ion on Com p u t e Eng ine . The ap p l icat ion is acce ssibl e by cl ie nt s on p ort 58 7. You ne e d t o bal ance t he l oad be t w e e n t he dif f e re nt inst ance s ru nning t he ap p l icat ion. The conne ct ion shou l d be se cu re d u sing TLS , and t e rm inat e d by t he Load Bal ance r. W hat t yp e of Load Bal ancing shou l d you u se ? A . Ne t w ork Load Bal ancing B. HTTP( S ) Load Bal ancing C. TCP Proxy Load Bal ancing D . S S L Proxy Load Bal ancing 2 / 22

  3. A nsw e r: D Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / l oad- bal ancing / docs/ ssl / 4. A cu st om e r is col l aborat ing w it h anot he r com p any t o bu il d an ap p l icat ion on Com p u t e Eng ine . The cu st om e r is bu il ding t he ap p l icat ion t ie r in t he ir G CP O rg aniz at ion, and t he ot he r com p any is bu il ding t he st orag e t ie r in a dif f e re nt G CP O rg aniz at ion. This is a 3- t ie r w e b ap p l icat ion. Com m u nicat ion be t w e e n p ort ions of t he ap p l icat ion m u st not t rave rse t he p u bl ic int e rne t by any m e ans. W hich conne ct ivit y op t ion shou l d be im p l e m e nt e d? A . VPC p e e ring B. Cl ou d VPN C. Cl ou d I nt e rconne ct D . S hare d VPC A nsw e r: B Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online a p riorit y l e ss t han 10 0 0 . A nsw e r: D 5. A cu st om e r has an anal yt ics w orkl oad ru nning on Com p u t e Eng ine t hat shou l d have l im it e d int e rne t acce ss. You r t e am cre at e d an e g re ss f ire w al l ru l e t o de ny ( p riorit y 10 0 0 ) al l t raf f ic t o t he int e rne t . The Com p u t e Eng ine inst ance s now ne e d t o re ach ou t t o t he p u bl ic re p osit ory t o g e t se cu rit y u p dat e s . W hat shou l d you r t e am do? A . Cre at e an e g re ss f ire w al l ru l e t o al l ow t raf f ic t o t he CI D R rang e of t he re p osit ory w it h a p riorit y g re at e r t han 10 0 0 . B. Cre at e an e g re ss f ire w al l ru l e t o al l ow t raf f ic t o t he CI D R rang e of t he re p osit ory w it h a p riorit y l e ss t han 10 0 0 . C. Cre at e an e g re ss f ire w al l ru l e t o al l ow t raf f ic t o t he host nam e of t he re p osit ory w it h a p riorit y g re at e r t han 10 0 0 . D . Cre at e an e g re ss f ire w al l ru l e t o al l ow t raf f ic t o t he host nam e of t he re p osit ory w it h 6. A n org aniz at ion is st art ing t o m ove it s inf rast ru ct u re f rom it s on- p re m ise s e nvironm e nt t o G oog l e Cl ou d Pl at f orm ( G CP) . The f irst st e p t he org aniz at ion w ant s t o t ake is t o m ig rat e it s cu rre nt dat a backu p and disast e r re cove ry sol u t ions t o G CP f or l at e r anal ysis. The org aniz at ion’ s p rodu ct ion e nvironm e nt w il l re m ain on- p re m ise s f or an inde f init e t im e . The org aniz at ion w ant s a scal abl e and cost - e f f icie nt sol u t ion. W hich G CP sol u t ion shou l d t he org aniz at ion u se ? A . Big Q u e ry u sing a dat a p ip e l ine j ob w it h cont inu ou s u p dat e s 3 / 22

  4. B. Cl ou d S t orag e u sing a sche du l e d t ask and g su t il C. Com p u t e Eng ine Virt u al M achine s u sing Pe rsist e nt D isk D . Cl ou d D at ast ore u sing re g u l arl y sche du l e d bat ch u p l oad j obs A nsw e r: A 7. A n org aniz at ion is m oving ap p l icat ions t o G oog l e Cl ou d w hil e m aint aining a f e w m ission- crit ical ap p l icat ions on- p re m ise s. The org aniz at ion m u st t ransf e r t he dat a at a bandw idt h of at l e ast 50 G bp s . W hat shou l d t he y u se t o e nsu re se cu re cont inu e d conne ct ivit y be t w e e n sit e s? A . D e dicat e d I nt e rconne ct B. Cl ou d Rou t e r C. Cl ou d VPN D . Part ne r I nt e rconne ct A nsw e r: A Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / archit e ct u re / m ig rat ion- t o- g oog l e - cl ou d- t ransf e rring - you r- l arg e - dat ase t s Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / se cu rit y- com m and- ce nt e r/ docs/ conce p t s- w e b- se cu rit y- scanne r- ove rvie w 8 . You r org aniz at ion re ce nt l y de p l oye d a ne w ap p l icat ion on G oog l e K u be rne t e s Eng ine . You ne e d t o de p l oy a sol u t ion t o p rot e ct t he ap p l icat ion. The sol u t ion has t he f ol l ow ing re q u ire m e nt s: S cans m u st ru n at l e ast once p e r w e e k M u st be abl e t o de t e ct cross- sit e scrip t ing vu l ne rabil it ie s M u st be abl e t o au t he nt icat e u sing G oog l e accou nt s W hich sol u t ion shou l d you u se ? A . G oog l e Cl ou d A rm or B. W e b S e cu rit y S canne r C. S e cu rit y He al t h A nal yt ics D . Cont aine r Thre at D e t e ct ion A nsw e r: B Exp l anat ion: 9. A cu st om e r ne e ds t o p re ve nt at t acke rs f rom hij acking t he ir dom ain/ I P and re dire ct ing u se rs t o a m al iciou s sit e t hrou g h a m an- in- t he - m iddl e at t ack. W hich sol u t ion shou l d t his cu st om e r u se ? A . VPC Fl ow Log s B. Cl ou d A rm or C. D NS S e cu rit y Ext e nsions 4 / 22

  5. D . Cl ou d I de nt it y- A w are Proxy A nsw e r: C Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / bl og / p rodu ct s/ g cp / dnsse c- now - avail abl e - in- cl ou d- dns 10 . You are t aske d w it h e xp ort ing and au dit ing se cu rit y l og s f or l og in act ivit y e ve nt s f or G oog l e Cl ou d consol e and A PI cal l s t hat m odif y conf ig u rat ions t o G oog l e Cl ou d re sou rce s. You r e xp ort m u st m e e t t he f ol l ow ing re q u ire m e nt s: Exp ort re l at e d l og s f or al l p roj e ct s in t he G oog l e Cl ou d org aniz at ion. Exp ort l og s in ne ar re al - t im e t o an e xt e rnal S I EM . W hat shou l d you do? ( Choose t w o. ) A . Cre at e a Log S ink at t he org aniz at ion l e ve l w it h a Pu b/ S u b de st inat ion. B. Cre at e a Log S ink at t he org aniz at ion l e ve l w it h t he incl u de Chil dre n p aram e t e r, and se t t he de st inat ion t o a Pu b/ S u b t op ic. C. Enabl e D at a A cce ss au dit l og s at t he org aniz at ion l e ve l t o ap p l y t o al l p roj e ct s. D . Enabl e G oog l e W orksp ace au dit l og s t o be share d w it h G oog l e Cl ou d in t he A dm in Consol e . E. Ensu re t hat t he S I EM p roce sse s t he A u t he nt icat ionI nf o f ie l d in t he au dit l og e nt ry t o g at he r ide nt it y inf orm at ion. A nsw e r: A , E Exp l anat ion: Re f e re nce : ht t p s: / / w w w . dat adog hq . com / bl og / m onit oring - g cp - au dit - l og s/ Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online W hich G oog l e Cl ou d sol u t ion shou l d t he org aniz at ion u se t o he l p re sol ve t his conce rn f or t he cu st om e r w hil e st il l m aint aining dat a u t il it y? A . U se Cl ou d K e y M anag e m e nt S e rvice ( K M S ) t o e ncryp t t he PI I dat a share d by cu st om e rs be f ore st oring it f or anal ysis. B. U se O bj e ct Lif e cycl e M anag e m e nt t o m ake su re t hat al l chat re cords w it h PI I in t he m are discarde d and not save d f or anal ysis. C. U se t he im ag e insp e ct ion and re dact ion act ions of t he D LP A PI t o re dact PI I f rom t he im ag e s be f ore st oring t he m f or anal ysis. D . U se t he g e ne ral iz at ion and bu cke t ing act ions of t he D LP A PI sol u t ion t o re dact PI I f rom t he t e xt s be f ore st oring t he m f or anal ysis. A nsw e r: C 11. W he n w orking w it h ag e nt s in a su p p ort ce nt e r via onl ine chat , an org aniz at ion’ s cu st om e rs of t e n share p ict u re s of t he ir docu m e nt s w it h p e rsonal l y ide nt if iabl e inf orm at ion ( PI I ) . The org aniz at ion t hat ow ns t he su p p ort ce nt e r is conce rne d t hat t he PI I is be ing st ore d in t he ir dat abase s as p art of t he re g u l ar chat l og s t he y re t ain f or re vie w by int e rnal or e xt e rnal anal yst s f or cu st om e r se rvice t re nd anal ysis. 5 / 22

  6. Exp l anat ion: ht t p s: / / cl ou d. g oog l e . com / dl p / docs/ conce p t s- im ag e - re dact ion 12 . You p e rf orm a se cu rit y asse ssm e nt on a cu st om e r archit e ct u re and discove r t hat m u l t ip l e VM s have p u bl ic I P addre sse s. A f t e r p roviding a re com m e ndat ion t o re m ove t he p u bl ic I P addre sse s, you are t ol d t hose VM s ne e d t o com m u nicat e t o e xt e rnal sit e s as p art of t he cu st om e r' s t yp ical op e rat ions . W hat shou l d you re com m e nd t o re du ce t he ne e d f or p u bl ic I P addre sse s in you r cu st om e r' s VM s? A . G oog l e Cl ou d A rm or B. Cl ou d NA T C. Cl ou d Rou t e r D . Cl ou d VPN A nsw e r: D Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / bl og / t op ics/ de ve l op e rs- p ract it ione rs/ l im it ing - p u bl ic- ip s- g oog l e - cl ou d Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online D . Cre at e a Cl ou d VPN conne ct ion be t w e e n t he t w o re g ions, and e nabl e G oog l e Privat e A cce ss. A nsw e r: A 13. You r com p any op e rat e s an ap p l icat ion inst ance g rou p t hat is cu rre nt l y de p l oye d be hind a G oog l e Cl ou d l oad bal ance r in u s- ce nt ral - 1 and is conf ig u re d t o u se t he S t andard Tie r ne t w ork. The inf rast ru ct u re t e am w ant s t o e xp and t o a se cond G oog l e Cl ou d re g ion, u s- e ast - 2 . You ne e d t o se t u p a sing l e e xt e rnal I P addre ss t o dist ribu t e ne w re q u e st s t o t he inst ance g rou p s in bot h re g ions. W hat shou l d you do? A . Chang e t he l oad bal ance r backe nd conf ig u rat ion t o u se ne t w ork e ndp oint g rou p s inst e ad of inst ance g rou p s. B. Chang e t he l oad bal ance r f ront e nd conf ig u rat ion t o u se t he Pre m iu m Tie r ne t w ork, and add t he ne w inst ance g rou p . C. Cre at e a ne w l oad bal ance r in u s- e ast - 2 u sing t he S t andard Tie r ne t w ork, and assig n a st at ic e xt e rnal I P addre ss. 14. A l arg e e - re t ail e r is m oving t o G oog l e Cl ou d Pl at f orm w it h it s e com m e rce w e bsit e . The com p any w ant s t o e nsu re p aym e nt inf orm at ion is e ncryp t e d be t w e e n t he cu st om e r’ s brow se r and G CP w he n t he cu st om e rs che ckou t onl ine . W hat shou l d t he y do? A . Conf ig u re an S S L Ce rt if icat e on an L7 Load Bal ance r and re q u ire e ncryp t ion. B. Conf ig u re an S S L Ce rt if icat e on a Ne t w ork TCP Load Bal ance r and re q u ire 6 / 22

  7. e ncryp t ion. C. Conf ig u re t he f ire w al l t o al l ow inbou nd t raf f ic on p ort 443, and bl ock al l ot he r inbou nd t raf f ic. D . Conf ig u re t he f ire w al l t o al l ow ou t bou nd t raf f ic on p ort 443, and bl ock al l ot he r ou t bou nd t raf f ic. A nsw e r: A 15. You re ce nt l y j oine d t he ne t w orking t e am su p p ort ing you r com p any' s G oog l e Cl ou d im p l e m e nt at ion. You are t aske d w it h f am il iariz ing you rse l f w it h t he f ire w al l ru l e s conf ig u rat ion and p roviding re com m e ndat ions base d on you r ne t w orking and G oog l e Cl ou d e xp e rie nce . W hat p rodu ct shou l d you re com m e nd t o de t e ct f ire w al l ru l e s t hat are ove rl ap p e d by at t ribu t e s f rom ot he r f ire w al l ru l e s w it h hig he r or e q u al p riorit y? A . S e cu rit y Com m and Ce nt e r B. Fire w al l Ru l e s Log g ing C. VPC Fl ow Log s D . Fire w al l I nsig ht s A nsw e r: D Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / ne t w ork- int e l l ig e nce - ce nt e r/ docs/ f ire w al l - insig ht s/ conce p t s/ ove rvie w Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / vp c/ docs/ f ire w al l s 16. W hich t w o im p l ie d f ire w al l ru l e s are de f ine d on a VPC ne t w ork? ( Choose t w o. ) A . A ru l e t hat al l ow s al l ou t bou nd conne ct ions B. A ru l e t hat de nie s al l inbou nd conne ct ions C. A ru l e t hat bl ocks al l inbou nd p ort 2 5 conne ct ions D . A ru l e t hat bl ocks al l ou t bou nd conne ct ions E. A ru l e t hat al l ow s al l inbou nd p ort 8 0 conne ct ions A nsw e r: A , B Exp l anat ion: 17. You ne e d t o p rovide a corp orat e u se r accou nt in G oog l e Cl ou d f or e ach of you r de ve l op e rs and op e rat ional st af f w ho ne e d dire ct acce ss t o G CP re sou rce s. Corp orat e p ol icy re q u ire s you t o m aint ain t he u se r ide nt it y in a t hird- p art y ide nt it y m anag e m e nt p rovide r and l e ve rag e sing l e sig n- on. You l e arn t hat a sig nif icant nu m be r of u se rs are u sing t he ir corp orat e dom ain e m ail addre sse s f or p e rsonal G oog l e accou nt s, and you ne e d t o f ol l ow G oog l e re com m e nde d p ract ice s t o conve rt e xist ing u nm anag e d u se rs t o m anag e d accou nt s. W hich t w o act ions shou l d you t ake ? ( Choose t w o. ) 7 / 22

  8. A . U se G oog l e Cl ou d D ire ct ory S ync t o synchroniz e you r l ocal ide nt it y m anag e m e nt syst e m t o Cl ou d I de nt it y. B. U se t he G oog l e A dm in consol e t o vie w w hich m anag e d u se rs are u sing a p e rsonal accou nt f or t he ir re cove ry e m ail . C. A dd u se rs t o you r m anag e d G oog l e accou nt and f orce u se rs t o chang e t he e m ail addre sse s associat e d w it h t he ir p e rsonal accou nt s. D . U se t he Transf e r Tool f or U nm anag e d U se rs ( TTU U ) t o f ind u se rs w it h conf l ict ing accou nt s and ask t he m t o t ransf e r t he ir p e rsonal G oog l e accou nt s. E. S e nd an e m ail t o al l of you r e m p l oye e s and ask t hose u se rs w it h corp orat e e m ail addre sse s f or p e rsonal G oog l e accou nt s t o de l e t e t he p e rsonal accou nt s im m e diat e l y. A nsw e r: B, E Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online conf ig u rat ion dat a f rom an ap p l icat ion t hat ru ns on Com p u t e Eng ine . W hich op t ion shou l d you re com m e nd? A . Cl ou d K e y M anag e m e nt S e rvice B. Com p u t e Eng ine g u e st at t ribu t e s C. Com p u t e Eng ine cu st om m e t adat a D . S e cre t M anag e r A nsw e r: A Exp l anat ion: Re f e re nce : ht t p s: / / w w w . f re e code cam p . org / ne w s/ g oog l e - cl ou d- p l at f orm - f rom - z e ro- t o- he ro/ 18 . I n orde r t o m e e t PCI D S S re q u ire m e nt s, a cu st om e r w ant s t o e nsu re t hat al l ou t bou nd t raf f ic is au t horiz e d. W hich t w o cl ou d of f e ring s m e e t t his re q u ire m e nt w it hou t addit ional com p e nsat ing cont rol s? ( Choose t w o. ) A . A p p Eng ine B. Cl ou d Fu nct ions C. Com p u t e Eng ine D . G oog l e K u be rne t e s Eng ine E. Cl ou d S t orag e A nsw e r: C, D Exp l anat ion: A p p Eng ine ing re ss f ire w al l ru l e s are avail abl e , bu t e g re ss ru l e s are not cu rre nt l y avail abl e . Pe r re q u ire m e nt s 1. 2 . 1 and 1. 3. 4, you m u st e nsu re t hat al l ou t bou nd t raf f ic is au t horiz e d. S A Q A - EP and S A Q D Ct yp e m e rchant s m u st p rovide com p e nsat ing cont rol s or u se a dif f e re nt G oog l e Cl ou d p rodu ct . Com p u t e Eng ine and G K E are t he p re f e rre d al t e rnat ive s. ht t p s: / / cl ou d. g oog l e . com / sol u t ions/ p ci- dss- com p l iance - in- g cp 19. You are aske d t o re com m e nd a sol u t ion t o st ore and re t rie ve se nsit ive 8 / 22

  9. 2 0 . A com p any is ru nning t he ir w e bshop on G oog l e K u be rne t e s Eng ine and w ant s t o anal yz e cu st om e r t ransact ions in Big Q u e ry. You ne e d t o e nsu re t hat no cre dit card nu m be rs are st ore d in Big Q u e ry W hat shou l d you do? A . Cre at e a Big Q u e ry vie w w it h re g u l ar e xp re ssions m at ching cre dit card nu m be rs t o q u e ry and de l e t e af f e ct e d row s. B. U se t he Cl ou d D at a Loss Pre ve nt ion A PI t o re dact re l at e d inf oTyp e s be f ore dat a is ing e st e d int o Big Q u e ry. C. Le ve rag e S e cu rit y Com m and Ce nt e r t o scan f or t he asse t s of t yp e Cre dit Card Nu m be r in Big Q u e ry. D . Enabl e Cl ou d I de nt it y- A w are Proxy t o f il t e r ou t cre dit card nu m be rs be f ore st oring t he l og s in Big Q u e ry. A nsw e r: D Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / re sou rce - m anag e r/ docs/ org aniz at ion- p ol icy/ re st rict ing - se rvice - accou nt s 2 1. You p l an t o de p l oy you r cl ou d inf rast ru ct u re u sing a CI / CD cl u st e r host e d on Com p u t e Eng ine . You w ant t o m inim iz e t he risk of it s cre de nt ial s be ing st ol e n by a t hird p art y . W hat shou l d you do? A . Cre at e a de dicat e d Cl ou d I de nt it y u se r accou nt f or t he cl u st e r. U se a st rong se l f - host e d vau l t sol u t ion t o st ore t he u se r' s t e m p orary cre de nt ial s. B. Cre at e a de dicat e d Cl ou d I de nt it y u se r accou nt f or t he cl u st e r. Enabl e t he const raint s/ iam . disabl e S e rvice A ccou nt Cre at ion org aniz at ion p ol icy at t he p roj e ct l e ve l . C. Cre at e a cu st om se rvice accou nt f or t he cl u st e r Enabl e t he const raint s/ iam . disabl e S e rvice A ccou nt K e yCre at ion org aniz at ion p ol icy at t he p roj e ct l e ve l . D . Cre at e a cu st om se rvice accou nt f or t he cl u st e r Enabl e t he const raint s/ iam . al l ow S e rvice A ccou nt Cre de nt ial Lif e t im e Ext e nsion org aniz at ion p ol icy at t he p roj e ct l e ve l . A nsw e r: D Exp l anat ion: 2 2 . A cu st om e r’ s dat a scie nce g rou p w ant s t o u se G oog l e Cl ou d Pl at f orm ( G CP) f or t he ir anal yt ics w orkl oads. Com p any p ol icy dict at e s t hat al l dat a m u st be com p any- ow ne d and al l u se r au t he nt icat ions m u st g o t hrou g h t he ir ow n S e cu rit y A sse rt ion M arku p Lang u ag e ( S A M L) 2 . 0 I de nt it y Provide r ( I dP) . The I nf rast ru ct u re O p e rat ions S yst e m s Eng ine e r w as t rying t o se t u p Cl ou d I de nt it y f or t he cu st om e r and re al iz e d t hat t he ir dom ain w as 9 / 22

  10. al re ady be ing u se d by G S u it e . How shou l d you be st advise t he S yst e m s Eng ine e r t o p roce e d w it h t he l e ast disru p t ion? A . Cont act G oog l e S u p p ort and init iat e t he D om ain Cont e st at ion Proce ss t o u se t he dom ain nam e in you r ne w Cl ou d I de nt it y dom ain. B. Re g ist e r a ne w dom ain nam e , and u se t hat f or t he ne w Cl ou d I de nt it y dom ain. C. A sk G oog l e t o p rovision t he dat a scie nce m anag e r’ s accou nt as a S u p e r A dm inist rat or in t he e xist ing dom ain. D . A sk cu st om e r’ s m anag e m e nt t o discove r any ot he r u se s of G oog l e m anag e d se rvice s, and w ork w it h t he e xist ing S u p e r A dm inist rat or. A nsw e r: C Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online 2 5. Cl ick on t he e m ail addre ss in l ine w it h t he A p p Eng ine D e f au l t S e rvice A ccou nt in t he au t he nt icat ion f ie l d. 2 3. W hich t yp e of l oad bal ance r shou l d you u se t o m aint ain cl ie nt I P by de f au l t w hil e u sing t he st andard ne t w ork t ie r? A . S S L Proxy B. TCP Proxy C. I nt e rnal TCP/ U D P D . TCP/ U D P Ne t w ork A nsw e r: C Exp l anat ion: Re f e re nce : ht t p s: / / re g ist ry. t e rraf orm . io/ p rovide rs/ hashicorp / g oog l e / l at e st / docs/ re sou rce s/ com p u t e _f orw arding _ru l e 2 4. Last w e e k, a com p any de p l oye d a ne w A p p Eng ine ap p l icat ion t hat w rit e s l og s t o Big Q u e ry. No ot he r w orkl oads are ru nning in t he p roj e ct . You ne e d t o val idat e t hat al l dat a w rit t e n t o Big Q u e ry w as done u sing t he A p p Eng ine D e f au l t S e rvice A ccou nt . W hat shou l d you do? A . 1. U se S t ackD rive r Log g ing and f il t e r on Big Q u e ry I nse rt J obs. 2 6. Cl ick Hide M at ching Ent rie s. 2 7. M ake su re t he re su l t ing l ist is e m p t y. B. 1. U se S t ackD rive r Log g ing and f il t e r on Big Q u e ry I nse rt J obs. 2 8 . Cl ick on t he e m ail addre ss in l ine w it h t he A p p Eng ine D e f au l t S e rvice A ccou nt in t he au t he nt icat ion f ie l d. 10 / 22

  11. 2 9. Cl ick S how M at ching Ent rie s. 30 . M ake su re t he re su l t ing l ist is e m p t y. C. 1. I n Big Q u e ry, se l e ct t he re l at e d dat ase t . 31. M ake su re t he A p p Eng ine D e f au l t S e rvice A ccou nt is t he onl y accou nt t hat can w rit e t o t he dat ase t . D . 1. G o t o t he I A M se ct ion on t he p roj e ct . 32 . Val idat e t hat t he A p p Eng ine D e f au l t S e rvice A ccou nt is t he onl y accou nt t hat has a rol e t hat can w rit e t o Big Q u e ry. A nsw e r: C Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online ap p l icat ion al l ow e d a m al iciou s u se r t o re p e at e dl y e xe cu t e a scrip t t hat re su l t s in t he Com p u t e Eng ine inst ance crashing . A l t hou g h t he bu g has be e n f ixe d, you w ant t o g e t not if ie d in case t his hack re - occu rs. W hat shou l d you do? A . Cre at e an A l e rt ing Pol icy in S t ackdrive r u sing a Proce ss He al t h condit ion, che cking t hat t he nu m be r of e xe cu t ions of t he scrip t re m ains be l ow t he de sire d t hre shol d. Enabl e not if icat ions. B. Cre at e an A l e rt ing Pol icy in S t ackdrive r u sing t he CPU u sag e m e t ric. S e t t he t hre shol d t o 8 0 % t o be not if ie d w he n t he CPU u sag e g oe s above t his 8 0 %. C. Log e ve ry e xe cu t ion of t he scrip t t o S t ackdrive r Log g ing . Cre at e a U se r- de f ine d m e t ric in S t ackdrive r Log g ing on t he l og s, and cre at e a S t ackdrive r D ashboard 33. A com p any’ s ap p l icat ion is de p l oye d w it h a u se r- m anag e d S e rvice A ccou nt ke y. You w ant t o u se G oog l e - re com m e nde d p ract ice s t o rot at e t he ke y. W hat shou l d you do? A . O p e n Cl ou d S he l l and ru n g cl ou d iam se rvice - accou nt s e nabl e - au t o- rot at e - - iam - accou nt = I A M _A CCO U NT. B. O p e n Cl ou d S he l l and ru n g cl ou d iam se rvice - accou nt s ke ys rot at e - - iam - accou nt = I A M _A CCO U NT - - ke y= NEW _K EY. C. Cre at e a ne w ke y, and u se t he ne w ke y in t he ap p l icat ion. D e l e t e t he ol d ke y f rom t he S e rvice A ccou nt . D . Cre at e a ne w ke y, and u se t he ne w ke y in t he ap p l icat ion. S t ore t he ol d ke y on t he syst e m as a backu p ke y. A nsw e r: C Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / iam / docs/ u nde rst anding - se rvice - accou nt s 34. A com p any has be e n ru nning t he ir ap p l icat ion on Com p u t e Eng ine . A bu g in t he 11 / 22

  12. disp l aying t he m e t ric. D . Log e ve ry e xe cu t ion of t he scrip t t o S t ackdrive r Log g ing . Conf ig u re Big Q u e ry as a l og sink, and cre at e a Big Q u e ry sche du l e d q u e ry t o cou nt t he nu m be r of e xe cu t ions in a sp e cif ic t im e f ram e . A nsw e r: B Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / l og g ing / docs/ l og s- base d- m e t rics/ 35. You r com p any w ant s t o de t e rm ine w hat p rodu ct s t he y can bu il d t o he l p cu st om e rs im p rove t he ir cre dit score s de p e nding on t he ir ag e rang e . To achie ve t his, you ne e d t o j oin u se r inf orm at ion in t he com p any' s banking ap p w it h cu st om e rs' cre dit score dat a re ce ive d f rom a t hird p art y. W hil e u sing t his raw dat a w il l al l ow you t o com p l e t e t his t ask, it e xp ose s se nsit ive dat a, w hich cou l d be p rop ag at e d int o ne w syst e m s. This risk ne e ds t o be addre sse d u sing de - ide nt if icat ion and t oke niz at ion w it h Cl ou d D at a Loss Pre ve nt ion w hil e m aint aining t he re f e re nt ial int e g rit y across t he dat abase . W hich cryp t og rap hic t oke n f orm at shou l d you u se t o m e e t t he se re q u ire m e nt s? A . D e t e rm inist ic e ncryp t ion B. S e cu re , ke y- base d hashe s C. Form at - p re se rving e ncryp t ion D . Cryp t og rap hic hashing A nsw e r: B Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / bl og / p rodu ct s/ ide nt it y- se cu rit y/ t ake - charg e - of - you r- dat a- how - t oke niz at ion- m ake s- dat a- u sabl e - w it hou t - sacrif icing - p rivacy Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online A . S e t u p an A CL w it h O W NER p e rm ission t o a scop e of al l U se rs. B. S e t u p an A CL w it h REA D ER p e rm ission t o a scop e of al l U se rs. C. S e t u p a de f au l t bu cke t A CL and m anag e acce ss f or u se rs u sing I A M . D . S e t u p U nif orm bu cke t - l e ve l acce ss on t he Cl ou d S t orag e bu cke t and m anag e acce ss f or u se rs u sing I A M . A nsw e r: A Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / st orag e / docs/ acce ss- cont rol / l ist s 36. You are t he se cu rit y adm in of you r com p any. You have 3, 0 0 0 obj e ct s in you r Cl ou d S t orag e bu cke t . You do not w ant t o m anag e acce ss t o e ach obj e ct individu al l y. You al so do not w ant t he u p l oade r of an obj e ct t o al w ays have f u l l cont rol of t he obj e ct . How e ve r, you w ant t o u se Cl ou d A u dit Log s t o m anag e acce ss t o you r bu cke t . W hat shou l d you do? 37. W he n cre at ing a se cu re cont aine r im ag e , w hich t w o it e m s shou l d you incorp orat e 12 / 22

  13. int o t he bu il d if p ossibl e ? ( Choose t w o. ) A . Ensu re t hat t he ap p doe s not ru n as PI D 1. B. Packag e a sing l e ap p as a cont aine r. C. Re m ove any u nne ce ssary t ool s not ne e de d by t he ap p . D . U se p u bl ic cont aine r im ag e s as a base im ag e f or t he ap p . E. U se m any cont aine r im ag e l aye rs t o hide se nsit ive inf orm at ion. A nsw e r: B, C Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / sol u t ions/ be st - p ract ice s- f or- bu il ding - cont aine rs 38 . A cu st om e r is ru nning an anal yt ics w orkl oad on G oog l e Cl ou d Pl at f orm ( G CP) w he re Com p u t e Eng ine inst ance s are acce ssing dat a st ore d on Cl ou d S t orag e . You r t e am w ant s t o m ake su re t hat t his w orkl oad w il l not be abl e t o acce ss, or be acce sse d f rom , t he int e rne t . W hich t w o st rat e g ie s shou l d you r t e am u se t o m e e t t he se re q u ire m e nt s? ( Choose t w o. ) A . Conf ig u re Privat e G oog l e A cce ss on t he Com p u t e Eng ine su bne t B. A void assig ning p u bl ic I P addre sse s t o t he Com p u t e Eng ine cl u st e r. C. M ake su re t hat t he Com p u t e Eng ine cl u st e r is ru nning on a se p arat e su bne t . D . Tu rn of f I P f orw arding on t he Com p u t e Eng ine inst ance s in t he cl u st e r. E. Conf ig u re a Cl ou d NA T g at e w ay. A nsw e r: B, E Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online B. U se G oog l e ' s I de nt it y and A cce ss M anag e m e nt ( I A M ) se rvice t o m anag e acce ss cont rol s on G oog l e Cl ou d. C. Enabl e A dm in act ivit y l og s t o m onit or acce ss t o re sou rce s. D . Enabl e A cce ss Transp are ncy l og s w it h A cce ss A p p roval re q u e st s f or G oog l e e m p l oye e s. A nsw e r: B Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / bl og / p rodu ct s/ ide nt it y- se cu rit y/ sim p l if ying - ide nt it y- and- acce ss- m anag e m e nt - of - you r- e m p l oye e s- p art ne rs- and- cu st om e rs 39. You are a se cu rit y e ng ine e r at a f inance com p any. You r org aniz at ion p l ans t o st ore dat a on G oog l e Cl ou d, bu t you r l e ade rship t e am is w orrie d abou t t he se cu rit y of t he ir hig hl y se nsit ive dat a S p e cif ical l y, you r com p any is conce rne d abou t int e rnal G oog l e e m p l oye e s' abil it y t o acce ss you r com p any' s dat a on G oog l e Cl ou d . W hat sol u t ion shou l d you p rop ose ? A . U se cu st om e r- m anag e d e ncryp t ion ke ys. 13 / 22

  14. 40 . A n org aniz at ion' s se cu rit y and risk m anag e m e nt t e am s are conce rne d abou t w he re t he ir re sp onsibil it y l ie s f or ce rt ain p rodu ct ion w orkl oads t he y are ru nning in G oog l e Cl ou d Pl at f orm ( G CP) , and w he re G oog l e ' s re sp onsibil it y l ie s. The y are m ost l y ru nning w orkl oads u sing G oog l e Cl ou d' s Pl at f orm - as- a- S e rvice ( PaaS ) of f e ring s, incl u ding A p p Eng ine p rim aril y. W hich one of t he se are as in t he t e chnol og y st ack w ou l d t he y ne e d t o f ocu s on as t he ir p rim ary re sp onsibil it y w he n u sing A p p Eng ine ? A . Conf ig u ring and m onit oring VPC Fl ow Log s B. D e f e nding ag ainst XS S and S Q Li at t acks C. M anag e t he l at e st u p dat e s and se cu rit y p at che s f or t he G u e st O S D . Encryp t ing al l st ore d dat a A nsw e r: B Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online C. U p dat e t he ap p l icat ion code or ap p l y a p at ch, bu il d a ne w im ag e , and re de p l oy it . D . Conf ig u re cont aine rs t o au t om at ical l y u p g rade w he n t he base im ag e is avail abl e in Cont aine r Re g ist ry. A nsw e r: B Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / ku be rne t e s- e ng ine / docs/ se cu rit y- bu l l e t ins 41. A D e vO p s t e am w il l cre at e a ne w cont aine r t o ru n on G oog l e K u be rne t e s Eng ine . A s t he ap p l icat ion w il l be int e rne t - f acing , t he y w ant t o m inim iz e t he at t ack su rf ace of t he cont aine r. W hat shou l d t he y do? A . U se Cl ou d Bu il d t o bu il d t he cont aine r im ag e s. B. Bu il d sm al l cont aine rs u sing sm al l base im ag e s. C. D e l e t e non- u se d ve rsions f rom Cont aine r Re g ist ry. D . U se a Cont inu ou s D e l ive ry t ool t o de p l oy t he ap p l icat ion. A nsw e r: D Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / sol u t ions/ be st - p ract ice s- f or- bu il ding - cont aine rs 42 . A p at ch f or a vu l ne rabil it y has be e n re l e ase d, and a D e vO p s t e am ne e ds t o u p dat e t he ir ru nning cont aine rs in G oog l e K u be rne t e s Eng ine ( G K E) . How shou l d t he D e vO p s t e am accom p l ish t his? A . U se Pu p p e t or Che f t o p u sh ou t t he p at ch t o t he ru nning cont aine r. B. Ve rif y t hat au t o u p g rade is e nabl e d; if so, G oog l e w il l u p g rade t he node s in a G K E cl u st e r. 43. You w il l cre at e a ne w S e rvice A ccou nt t hat shou l d be abl e t o l ist t he Com p u t e Eng ine inst ance s in t he p roj e ct . You w ant t o f ol l ow G oog l e - re com m e nde d p ract ice s. 14 / 22

  15. W hat shou l d you do? A . Cre at e an I nst ance Te m p l at e , and al l ow t he S e rvice A ccou nt Re ad O nl y acce ss f or t he Com p u t e Eng ine A cce ss S cop e . B. Cre at e a cu st om rol e w it h t he p e rm ission com p u t e . inst ance s. l ist and g rant t he S e rvice A ccou nt t his rol e . C. G ive t he S e rvice A ccou nt t he rol e of Com p u t e Vie w e r, and u se t he ne w S e rvice A ccou nt f or al l inst ance s. D . G ive t he S e rvice A ccou nt t he rol e of Proj e ct Vie w e r, and u se t he ne w S e rvice A ccou nt f or al l inst ance s. A nsw e r: B 44. You ne e d t o conne ct you r org aniz at ion' s on- p re m ise s ne t w ork w it h an e xist ing G oog l e Cl ou d e nvironm e nt t hat incl u de s one S hare d VPC w it h t w o su bne t s nam e d Produ ct ion and Non- Produ ct ion. You are re q u ire d t o: U se a p rivat e t ransp ort l ink. Conf ig u re acce ss t o G oog l e Cl ou d A PI s t hrou g h p rivat e A PI e ndp oint s orig inat ing f rom on- p re m ise s e nvironm e nt s. Ensu re t hat G oog l e Cl ou d A PI s are onl y consu m e d via VPC S e rvice Cont rol s. W hat shou l d you do? A . 1. S e t u p a Cl ou d VPN l ink be t w e e n t he on- p re m ise s e nvironm e nt and G oog l e Cl ou d. Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online 47. Conf ig u re p rivat e acce ss f or bot h VPC su bne t s. D . 1. S e t u p a D e dicat e d I nt e rconne ct l ink be t w e e n t he on- p re m ise s e nvironm e nt and G oog l e Cl ou d. 45. Conf ig u re p rivat e acce ss u sing t he re st rict e d g oog l e ap is. com dom ains in on- p re m ise s D NS conf ig u rat ions. B. 1. S e t u p a Part ne r I nt e rconne ct l ink be t w e e n t he on- p re m ise s e nvironm e nt and G oog l e Cl ou d. 46. Conf ig u re p rivat e acce ss u sing t he p rivat e . g oog l e ap is. com dom ains in on- p re m ise s D NS conf ig u rat ions. C. 1. S e t u p a D ire ct Pe e ring l ink be t w e e n t he on- p re m ise s e nvironm e nt and G oog l e Cl ou d. 48 . Conf ig u re p rivat e acce ss u sing t he re st rict e d. g oog l e ap is. com dom ains in on- p re m ise s D NS conf ig u rat ions. A nsw e r: C 49. I n a share d se cu rit y re sp onsibil it y m ode l f or I aaS , w hich t w o l aye rs of t he st ack 15 / 22

  16. doe s t he cu st om e r share re sp onsibil it y f or? ( Choose t w o. ) A . Hardw are B. Ne t w ork S e cu rit y C. S t orag e Encryp t ion D . A cce ss Pol icie s E. Boot A nsw e r: C, D 50 . You r com p any re q u ire s t he se cu rit y and ne t w ork e ng ine e ring t e am s t o ide nt if y al l ne t w ork anom al ie s w it hin and across VPCs, int e rnal t raf f ic f rom VM s t o VM s, t raf f ic be t w e e n e nd l ocat ions on t he int e rne t and VM s, and t raf f ic be t w e e n VM s t o G oog l e Cl ou d se rvice s in p rodu ct ion . W hich m e t hod shou l d you u se ? A . D e f ine an org aniz at ion p ol icy const raint . B. Conf ig u re p acke t m irroring p ol icie s. C. Enabl e VPC Fl ow Log s on t he su bne t . D . M onit or and anal yz e Cl ou d A u dit Log s. A nsw e r: C Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / archit e ct u re / be st - p ract ice s- vp c- de sig n Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online C. S t ore t he dat a in a sing l e Cl ou d S t orag e bu cke t and conf ig u re t he bu cke t ’ s Tim e t o Live . D . S t ore t he dat a in a sing l e Big Tabl e t abl e and se t an e xp irat ion t im e on t he col u m n f am il ie s. A nsw e r: B 51. You r com p any ru ns a w e bsit e t hat w il l st ore PI I on G oog l e Cl ou d Pl at f orm . To com p l y w it h dat a p rivacy re g u l at ions, t his dat a can onl y be st ore d f or a sp e cif ic am ou nt of t im e and m u st be f u l l y de l e t e d af t e r t his sp e cif ic p e riod. D at a t hat has not ye t re ache d t he t im e p e riod shou l d not be de l e t e d. You w ant t o au t om at e t he p roce ss of com p l ying w it h t his re g u l at ion. W hat shou l d you do? A . S t ore t he dat a in a sing l e Pe rsist e nt D isk, and de l e t e t he disk at e xp irat ion t im e . B. S t ore t he dat a in a sing l e Big Q u e ry t abl e and se t t he ap p rop riat e t abl e e xp irat ion t im e . 52 . A n ap p l icat ion ru nning on a Com p u t e Eng ine inst ance ne e ds t o re ad dat a f rom a Cl ou d S t orag e bu cke t . You r t e am doe s not al l ow Cl ou d S t orag e bu cke t s t o be g l obal l y re adabl e and w ant s t o e nsu re t he p rincip l e of l e ast p rivil e g e . W hich op t ion m e e t s t he re q u ire m e nt of you r t e am ? 16 / 22

  17. A . Cre at e a Cl ou d S t orag e A CL t hat al l ow s re ad- onl y acce ss f rom t he Com p u t e Eng ine inst ance ’ s I P addre ss and al l ow s t he ap p l icat ion t o re ad f rom t he bu cke t w it hou t cre de nt ial s. B. U se a se rvice accou nt w it h re ad- onl y acce ss t o t he Cl ou d S t orag e bu cke t , and st ore t he cre de nt ial s t o t he se rvice accou nt in t he conf ig of t he ap p l icat ion on t he Com p u t e Eng ine inst ance . C. U se a se rvice accou nt w it h re ad- onl y acce ss t o t he Cl ou d S t orag e bu cke t t o re t rie ve t he cre de nt ial s f rom t he inst ance m e t adat a. D . Encryp t t he dat a in t he Cl ou d S t orag e bu cke t u sing Cl ou d K M S , and al l ow t he ap p l icat ion t o de cryp t t he dat a w it h t he K M S ke y. A nsw e r: C Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online Cl ou d S t orag e and Big Q u e ry. The l ocat ion and re g ion are ide nt if ie d as a su f f ix in t he re sou rce nam e . W hich cost re du ct ion op t ions shou l d you re com m e nd? A . S e t ap p rop riat e row sLim it val u e on Big Q u e ry dat a host e d ou t side t he U S and se t ap p rop riat e byt e sLim it Pe rFil e val u e on m u l t ire g ional Cl ou d S t orag e bu cke t s. B. S e t ap p rop riat e row sLim it val u e on Big Q u e ry dat a host e d ou t side t he U S , and m inim iz e t ransf orm at ion u nit s on m u l t ire g ional Cl ou d S t orag e bu cke t s. C. U se row sLim it and byt e sLim it Pe rFil e t o sam p l e dat a and u se Cl ou dS t orag e Re g e xFil e S e t t o l im it scans. D . U se Finding Lim it s and Tim e sp anCont f ig t o sam p l e dat a and m inim iz e t ransf orm at ion u nit s. 53. You r t e am ne e ds t o conf ig u re t he ir G oog l e Cl ou d Pl at f orm ( G CP) e nvironm e nt so t he y can ce nt ral iz e t he cont rol ove r ne t w orking re sou rce s l ike f ire w al l ru l e s, su bne t s, and rou t e s. The y al so have an on- p re m ise s e nvironm e nt w he re re sou rce s ne e d acce ss back t o t he G CP re sou rce s t hrou g h a p rivat e VPN conne ct ion. The ne t w orking re sou rce s w il l ne e d t o be cont rol l e d by t he ne t w ork se cu rit y t e am . W hich t yp e of ne t w orking de sig n shou l d you r t e am u se t o m e e t t he se re q u ire m e nt s? A . S hare d VPC Ne t w ork w it h a host p roj e ct and se rvice p roj e ct s B. G rant Com p u t e A dm in rol e t o t he ne t w orking t e am f or e ach e ng ine e ring p roj e ct C. VPC p e e ring be t w e e n al l e ng ine e ring p roj e ct s u sing a hu b and sp oke m ode l D . Cl ou d VPN G at e w ay be t w e e n al l e ng ine e ring p roj e ct s u sing a hu b and sp oke m ode l A nsw e r: A Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / docs/ e nt e rp rise / be st - p ract ice s- f or- e nt e rp rise - org aniz at ions#ce nt ral iz e _ne t w ork_cont rol 54. A s adop t ion of t he Cl ou d D at a Loss Pre ve nt ion ( D LP) A PI g row s w it hin t he com p any, you ne e d t o op t im iz e u sag e t o re du ce cost . D LP t arg e t dat a is st ore d in 17 / 22

  18. A nsw e r: C Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / dl p / docs/ re f e re nce / re st / v2 / I nsp e ct J obConf ig 55. A cu st om e r has 30 0 e ng ine e rs. The com p any w ant s t o g rant dif f e re nt l e ve l s of acce ss and e f f icie nt l y m anag e I A M p e rm issions be t w e e n u se rs in t he de ve l op m e nt and p rodu ct ion e nvironm e nt p roj e ct s. W hich t w o st e p s shou l d t he com p any t ake t o m e e t t he se re q u ire m e nt s? ( Choose t w o. ) A . Cre at e a p roj e ct w it h m u l t ip l e VPC ne t w orks f or e ach e nvironm e nt . B. Cre at e a f ol de r f or e ach de ve l op m e nt and p rodu ct ion e nvironm e nt . C. Cre at e a G oog l e G rou p f or t he Eng ine e ring t e am , and assig n p e rm issions at t he f ol de r l e ve l . D . Cre at e an O rg aniz at ional Pol icy const raint f or e ach f ol de r e nvironm e nt . E. Cre at e p roj e ct s f or e ach e nvironm e nt , and g rant I A M rig ht s t o e ach e ng ine e ring u se r. A nsw e r: B, C Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online 56. You are cre at ing an int e rnal A p p Eng ine ap p l icat ion t hat ne e ds t o acce ss a u se r’ s G oog l e D rive on t he u se r’ s be hal f . You r com p any doe s not w ant t o re l y on t he cu rre nt u se r’ s cre de nt ial s. I t al so w ant s t o f ol l ow G oog l e - re com m e nde d p ract ice s. W hat shou l d you do? A . Cre at e a ne w S e rvice accou nt , and g ive al l ap p l icat ion u se rs t he rol e of S e rvice A ccou nt U se r. B. Cre at e a ne w S e rvice accou nt , and add al l ap p l icat ion u se rs t o a G oog l e G rou p . G ive t his g rou p t he rol e of S e rvice A ccou nt U se r. C. U se a de dicat e d G S u it e A dm in accou nt , and au t he nt icat e t he ap p l icat ion’ s op e rat ions w it h t he se G S u it e cre de nt ial s. D . Cre at e a ne w se rvice accou nt , and g rant it G S u it e dom ain- w ide de l e g at ion. Have t he ap p l icat ion u se it t o im p e rsonat e t he u se r. A nsw e r: D Exp l anat ion: ht t p s: / / de ve l op e rs. g oog l e . com / adm in- sdk/ dire ct ory/ v1/ g u ide s/ de l e g at ion 57. You ne e d t o f ol l ow G oog l e - re com m e nde d p ract ice s t o l e ve rag e e nve l op e e ncryp t ion and e ncryp t dat a at t he ap p l icat ion l aye r. W hat shou l d you do? A . G e ne rat e a dat a e ncryp t ion ke y ( D EK ) l ocal l y t o e ncryp t t he dat a, and g e ne rat e a ne w ke y e ncryp t ion ke y ( K EK ) in Cl ou d K M S t o e ncryp t t he D EK . S t ore bot h t he e ncryp t e d dat a and t he e ncryp t e d D EK . 18 / 22

  19. B. G e ne rat e a dat a e ncryp t ion ke y ( D EK ) l ocal l y t o e ncryp t t he dat a, and g e ne rat e a ne w ke y e ncryp t ion ke y ( K EK ) in Cl ou d K M S t o e ncryp t t he D EK . S t ore bot h t he e ncryp t e d dat a and t he K EK . C. G e ne rat e a ne w dat a e ncryp t ion ke y ( D EK ) in Cl ou d K M S t o e ncryp t t he dat a, and g e ne rat e a ke y e ncryp t ion ke y ( K EK ) l ocal l y t o e ncryp t t he ke y. S t ore bot h t he e ncryp t e d dat a and t he e ncryp t e d D EK . D . G e ne rat e a ne w dat a e ncryp t ion ke y ( D EK ) in Cl ou d K M S t o e ncryp t t he dat a, and g e ne rat e a ke y e ncryp t ion ke y ( K EK ) l ocal l y t o e ncryp t t he ke y. S t ore bot h t he e ncryp t e d dat a and t he K EK . A nsw e r: A Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / km s/ docs/ e nve l op e - e ncryp t ion Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online cl u st e r u sing M anag e d I nst ance G rou p s ( M I G s) . The j obs are bu rst y and m u st be com p l e t e d q u ickl y. The y have a re q u ire m e nt t o be abl e t o m anag e and rot at e t he e ncryp t ion ke ys. W hich boot disk e ncryp t ion sol u t ion shou l d you u se on t he cl u st e r t o m e e t t his cu st om e r’ s re q u ire m e nt s? A . Cu st om e r- su p p l ie d e ncryp t ion ke ys ( CS EK ) B. Cu st om e r- m anag e d e ncryp t ion ke ys ( CM EK ) u sing Cl ou d K e y M anag e m e nt S e rvice ( K M S ) C. Encryp t ion by de f au l t D . Pre - e ncryp t ing f il e s be f ore t ransf e rring t o G oog l e Cl ou d Pl at f orm ( G CP) f or anal ysis 58 . A cu st om e r’ s int e rnal se cu rit y t e am m u st m anag e it s ow n e ncryp t ion ke ys f or e ncryp t ing dat a on Cl ou d S t orag e and de cide s t o u se cu st om e r- su p p l ie d e ncryp t ion ke ys ( CS EK ) . How shou l d t he t e am com p l e t e t his t ask? A . U p l oad t he e ncryp t ion ke y t o a Cl ou d S t orag e bu cke t , and t he n u p l oad t he obj e ct t o t he sam e bu cke t . B. U se t he g su t il com m and l ine t ool t o u p l oad t he obj e ct t o Cl ou d S t orag e , and sp e cif y t he l ocat ion of t he e ncryp t ion ke y. C. G e ne rat e an e ncryp t ion ke y in t he G oog l e Cl ou d Pl at f orm Consol e , and u p l oad an obj e ct t o Cl ou d S t orag e u sing t he sp e cif ie d ke y. D . Encryp t t he obj e ct , t he n u se t he g su t il com m and l ine t ool or t he G oog l e Cl ou d Pl at f orm Consol e t o u p l oad t he obj e ct t o Cl ou d S t orag e . A nsw e r: D Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / st orag e / docs/ e ncryp t ion/ cu st om e r- su p p l ie d- ke ys 59. A cu st om e r w ant s t o m ove t he ir se nsit ive w orkl oads t o a Com p u t e Eng ine - base d 19 / 22

  20. A nsw e r: B Exp l anat ion: Re f e re nce ht t p s: / / cl ou d. g oog l e . com / ku be rne t e s- e ng ine / docs/ how - t o/ dynam ic- p rovisioning - cm e k 60 . How shou l d a cu st om e r re l iabl y de l ive r S t ackdrive r l og s f rom G CP t o t he ir on- p re m ise s S I EM syst e m ? A . S e nd al l l og s t o t he S I EM syst e m via an e xist ing p rot ocol su ch as sysl og . B. Conf ig u re e ve ry p roj e ct t o e xp ort al l t he ir l og s t o a com m on Big Q u e ry D at aS e t , w hich w il l be q u e rie d by t he S I EM syst e m . C. Conf ig u re O rg aniz at ional Log S inks t o e xp ort l og s t o a Cl ou d Pu b/ S u b Top ic, w hich w il l be se nt t o t he S I EM via D at af l ow . D . Bu il d a conne ct or f or t he S I EM t o q u e ry f or al l l og s in re al t im e f rom t he G CP RES Tf u l J S O N A PI s. A nsw e r: C Updated Professional Cloud Security Engineer Study Guide [Killtest] - Free Demo Questions Online A . com p u t e . re st rict S hare dVp cHost Proj e ct s B. com p u t e . re st rict Xp nProj e ct Lie nRe m oval C. com p u t e . re st rict S hare dVp cS u bne t w orks D . com p u t e . share dRe se rvat ionsO w ne rProj e ct s A nsw e r: B Exp l anat ion: Re f e re nce : ht t p s: / / cl ou d. g oog l e . com / vp c/ docs/ p rovisioning - share d- vp c 61. You r com p any is u sing Cl ou d D at ap roc f or it s S p ark and Hadoop j obs. You w ant t o be abl e t o cre at e , rot at e , and de st roy sym m e t ric e ncryp t ion ke ys u se d f or t he p e rsist e nt disks u se d by Cl ou d D at ap roc. K e ys can be st ore d in t he cl ou d. W hat shou l d you do? A . U se t he Cl ou d K e y M anag e m e nt S e rvice t o m anag e t he dat a e ncryp t ion ke y ( D EK ) . B. U se t he Cl ou d K e y M anag e m e nt S e rvice t o m anag e t he ke y e ncryp t ion ke y ( K EK ) . C. U se cu st om e r- su p p l ie d e ncryp t ion ke ys t o m anag e t he dat a e ncryp t ion ke y ( D EK ) . D . U se cu st om e r- su p p l ie d e ncryp t ion ke ys t o m anag e t he ke y e ncryp t ion ke y ( K EK ) . A nsw e r: A 62 . You w ant t o p re ve nt u se rs f rom accide nt al l y de l e t ing a S hare d VPC host p roj e ct . W hich org aniz at ion- l e ve l p ol icy const raint shou l d you e nabl e ? 20 / 22

  21. G e t f u l l ve rsion of Prof e ssional Cl ou d S e cu rit y Eng ine e r Q &A s 22 / 22

More Related
SlideServe
Audio
Live Player
Audio Wave
Play slide audio to activate visualizer
Slide 1

Sea Ice

Slide Player

AI NARRATOR Slide 1 of 12

Sea Ice

0:00 0:15