A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system. How should the customer achieve this using Google Cloud Platform? A. Use Cloud Source Repositories, and store secrets in Cloud SQL. B. Encrypt…
You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account. What should you do? A. Query Data Access logs. B. Query Admin Activity logs.…
A customer terminates an engineer and needs to make sure the engineer’s Google account is automatically deprovisioned. What should the customer do? A. Use the Cloud SDK with their directory service to remove their IAM permissions in Cloud Identity. B.…
For compliance reasons, an organization needs to ensure that in-scope PCI Kubernetes Pods reside on “in-scope” Nodes only. These Nodes can only contain the “in-scope” Pods. How should the organization achieve this objective? A. Add a nodeSelector field to the…
Your company wants to determine what products they can build to help customers improve their credit scores depending on their age range. To achieve this, you need to join user information in the company’s banking app with customers’ credit score…
Last week, a company deployed a new App Engine application that writes logs to BigQuery. No other workloads are running in the project. You need to validate that all data written to BigQuery was done using the App Engine Default…
You are a security engineer at a finance company. Your organization plans to store data on Google Cloud, but your leadership team is worried about the security of their highly sensitive data Specifically, your company is concerned about internal Google…
You are setting up a CI/CD pipeline to deploy containerized applications to your production clusters on Google Kubernetes Engine (GKE). You need to prevent containers with known vulnerabilities from being deployed. You have the following requirements for your solution: Must…
A company is deploying their application on Google Cloud Platform. Company policy requires long-term data to be stored using a solution that can automatically replicate data over at least two geographic places. Which Storage solution are they allowed to use?…
You want to prevent users from accidentally deleting a Shared VPC host project. Which organization-level policy constraint should you enable? A. compute.restrictSharedVpcHostProjects B. compute.restrictXpnProjectLienRemoval C. compute.restrictSharedVpcSubnetworks D. compute.sharedReservationsOwnerProjects