Question 1

Your organization wants to be compliant with the General Data Protection Regulation (GDPR) on Google Cloud You must implement data residency and operational sovereignty in the EU. What should you do? Choose 2 answers

Options :

A :

Limit the physical location of a new resource with the Organization Policy Service resource locations constraint."

B :

Use Cloud IDS to get east-west and north-south traffic visibility in the EU to monitor intra-VPC and mter-VPC communication.

C :

Limit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications

D : Use identity federation to limit access to Google Cloud resources from non-EU entities.

E : Use VPC Flow Logs to monitor intra-VPC and inter-VPC traffic in the EU

Answer: A,C

Question 2

You must ensure that the keys used for at-rest encryption of your data are compliant with your organization's security controls. One security control mandates that keys get rotated every 90 days. You must implement an effective detection strategy to validate if keys are rotated as required. What should you do?

Options :

A :

Analyze the crypto key versions of the keys by using data from Cloud Asset Inventory. If an active key is older than 90 days, send an alert message through your incident notification channel.

B :

Identify keys that have not been rotated by using Security Health Analytics. If a key is not rotated after 90 days, a finding in Security Command Center is raised.

C :

Assess the keys in the Cloud Key Management Service by implementing code in Cloud Run. If a key is not rotated after 90 days, raise a finding in Security Command Center.

D :

Define a metric that checks for timely key updates by using Cloud Logging. If a key is not rotated after 90 days, send an alert message through your incident notification channel.

Answer: A

Question 3

Which of the following tools is used for auditing, monitoring, and analysis of resources in a Crowdfunding platform that uses Google Cloud Services?

Options :

A : The managed service for running Kubernetes clusters on Google Cloud is called Google Kubernetes Engine.

B : Storage services provided by Google Cloud.

C : Logging on Google Cloud Platform

D : The Google Cloud SQL is a fully-managed database service provided by Google Cloud Platform.

Answer: C

Question 4

An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A wellestablished directory service is used to manage user identities and lifecycle management. This directory service must continue for the organization to use as the “source of truth” directory for identities. Which solution meets the organization's requirements?

Options :

A : Google Cloud Directory Sync (GCDS)

B : Cloud Identity

C : Security Assertion Markup Language (SAML)

D : Pub/Sub

Answer: A

Question 5

Your company must follow industry specific regulations. Therefore, you need to enforce customer-managed encryption keys (CMEK) for all new Cloud Storage resources in the organization called org1. What command should you execute?

Options :

A :

• organization policy: constraints/gcp.restrictStorageNonCraekServices

• binding at: orgl

• policy type: deny

• policy value: storage.gcogleapis.com

B :

• organization policy: constraints/gcp.restrictHonCmekServices

• binding at: orgl

• policy type: deny

• policy value: storage.googleapis.com

C :

• organization policy:constraints/gcp.restrictStorageNonCraekServices

• binding at: orgl

• policy type: allow

• policy value: all supported services

D :

• organization policy: constramts/gcp.restrictNonCmekServices

• binding at: orgl

• policy type: allow

• policy value: storage.googleapis.com

Answer: D

Higher Test Marks with Free Online Professional-Cloud-Security-Engineer Exam Practice

Buying Options: