Question 1

Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer. What type of Load Balancing should you use?

Options :

A : Network Load Balancing

B : HTTP(S) Load Balancing

C : TCP Proxy Load Balancing

D : SSL Proxy Load Balancing

Answer: D

Question 2

A company is running their webshop on Google Kubernetes Engine and wants to analyze customer transactions in BigQuery. You need to ensure that no credit card numbers are stored in BigQuery What should you do?

Options :

A :

Create a BigQuery view with regular expressions matching credit card numbers to query and delete affected rows

B : Use the Cloud Data Loss Prevention API to redact related infoTypes before data is ingested into BigQuery.

C : Leverage Security Command Center to scan for the assets of type Credit Card Number in BigQuery

D : Enable Cloud Identity-Aware Proxy to filter out credit card numbers before storing the logs in BigQuery.

Answer: B

Question 3

As an AI-powered chatbot service company, what is the recommended process for a customer to securely transfer Cloud Logging (previously known as Stackdriver) logs from Google Cloud Platform to their on-premises SIEM system?

Options :

A : Utilize an established protocol like syslog to transmit all the logs to the SIEM system.

B : Develop a linkage that enables the SIEM to fetch all logs in real-time from the GCP RESTful JSON APIs.

C : Organizational Log Sinks should be set up to export logs to a Cloud Pub/Sub Topic. These logs will then be sent to the SIEM through Dataflow.

D : Make sure all logs from each project are exported to a shared BigQuery DataSet, which can be accessed by the SIEM system for querying purposes.

Answer: C

Question 4

An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A wellestablished directory service is used to manage user identities and lifecycle management. This directory service must continue for the organization to use as the “source of truth” directory for identities. Which solution meets the organization's requirements?

Options :

A : Google Cloud Directory Sync (GCDS)

B : Cloud Identity

C : Security Assertion Markup Language (SAML)

D : Pub/Sub

Answer: A

Question 5

A customer’s company has multiple business units. Each business unit operates independently, and each has their own engineering group. Your team wants visibility into all projects created within the company and wants to organize their Google Cloud Platform (GCP) projects based on different business units. Each business unit also requires separate sets of IAM permissions. Which strategy should you use to meet these needs?

Options :

A :

Create an organization node, and assign folders for each business unit.

B : Establish standalone projects for each business unit, using gmail.com accounts.

C : Assign GCP resources in a project, with a label identifying which business unit owns the resource.

D : Assign GCP resources in a VPC for each business unit to separate network access.

Answer: A

Higher Test Marks with Free Online Professional-Cloud-Security-Engineer Exam Practice

Buying Options: