CertsTopics Logo

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Google Cloud Certified Professional-Cloud-Security-Engineer Full Course Free

Page: 5 / 17
Total 233 questions
Get Professional-Cloud-Security-Engineer Full Access Download Professional-Cloud-Security-Engineer PDF

Google Cloud Certified - Professional Cloud Security Engineer Questions and Answers

Question 17

A customer deployed an application on Compute Engine that takes advantage of the elastic nature of cloud computing.

How can you work with Infrastructure Operations Engineers to best ensure that Windows Compute Engine VMs are up to date with all the latest OS patches?

Options:

A.

Build new base images when patches are available, and use a CI/CD pipeline to rebuild VMs, deploying incrementally.

B.

Federate a Domain Controller into Compute Engine, and roll out weekly patches via Group Policy Object.

C.

Use Deployment Manager to provision updated VMs into new serving Instance Groups (IGs).

D.

Reboot all VMs during the weekly maintenance window and allow the StartUp Script to download the latest patches from the internet.

Question 18

A company is using Google Kubernetes Engine (GKE) with container images of a mission-critical application The company wants to scan the images for known security issues and securely share the report with the security team without exposing them outside Google Cloud.

What should you do?

Options:

A.

1. Enable Container Threat Detection in the Security Command Center Premium tier.

• 2. Upgrade all clusters that are not on a supported version of GKE to the latest possible GKE version.

• 3. View and share the results from the Security Command Center

B.

• 1. Use an open source tool in Cloud Build to scan the images.

• 2. Upload reports to publicly accessible buckets in Cloud Storage by using gsutil

• 3. Share the scan report link with your security department.

C.

• 1. Enable vulnerability scanning in the Artifact Registry settings.

• 2. Use Cloud Build to build the images

• 3. Push the images to the Artifact Registry for automatic scanning.

• 4. View the reports in the Artifact Registry.

D.

• 1. Get a GitHub subscription.

• 2. Build the images in Cloud Build and store them in GitHub for automatic scanning

• 3. Download the report from GitHub and share with the Security Team

Question 19

Your company recently published a security policy to minimize the usage of service account keys. On-premises Windows-based applications are interacting with Google Cloud APIs. You need to implement Workload Identity Federation (WIF) with your identity provider on-premises.

What should you do?

Options:

A.

Set up a workload identity pool with your corporate Active Directory Federation Service (ADFS) Configure arule to let principals in the pool impersonate the Google Cloud service account.

B.

Set up a workload identity pool with your corporate Active Directory Federation Service (ADFS) Let allprincipals in the pool impersonate the Google Cloud service account.

C.

Set up a workload identity pool with an OpenID Connect (OIDC) service on the name machine Configure arule to let principals in the pool impersonate the Google Cloud service account.

D.

Set up a workload identity pool with an OpenID Connect (OIDC) service on the same machine Let allprincipals in the pool impersonate the Google Cloud service account.

Question 20

Your organization must comply with the regulation to keep instance logging data within Europe. Your workloads will be hosted in the Netherlands in region europe-west4 in a new project. You must configure Cloud Logging to keep your data in the country.

What should you do?

Options:

A.

Configure the organization policy constraint gcp.resourceLocations to europe-west4.

B.

Set the logging storage region to eurcpe-west4 by using the gcloud CLI logging settings update.

C.

Create a new tog bucket in europe-west4. and redirect the _Def auit bucKet to the new bucket.

D.

Configure log sink to export all logs into a Cloud Storage bucket in europe-west4.

Page: 5 / 17
Total 233 questions
Get Professional-Cloud-Security-Engineer Full Access Download Professional-Cloud-Security-Engineer PDF