Question 1

You are a member of your company's security team. You have been asked to reduce your Linux bastion host external attack surface by removing all public IP addresses. Site Reliability Engineers (SREs) require access to the bastion host from public locations so they can access the internal VPC while off-site. How should you enable this access?

Options :

A : Implement Cloud VPN for the region where the bastion host lives.

B : Implement OS Login with 2-step verification for the bastion host.

C : Implement Identity-Aware Proxy TCP forwarding for the bastion host.

D : Implement Google Cloud Armor in front of the bastion host.

Answer: C

Question 2

Which of the following tools is used for auditing, monitoring, and analysis of resources in a Crowdfunding platform that uses Google Cloud Services?

Options :

A : The managed service for running Kubernetes clusters on Google Cloud is called Google Kubernetes Engine.

B : Storage services provided by Google Cloud.

C : Logging on Google Cloud Platform

D : The Google Cloud SQL is a fully-managed database service provided by Google Cloud Platform.

Answer: C

Question 3

As an online education platform company, which document should you review to identify Google Cloud's inherent controls for PCI compliance evaluation?

Options :

A : Documentation related to Compute Engine product.

B : Guidelines for Cloud Computing by PCI SSC.

C : Security Assessment Procedures and PCI DSS Requirements

D : Matrix of Customer Responsibility in Google Cloud Platform

Answer: D

Question 4

Your organization wants to be compliant with the General Data Protection Regulation (GDPR) on Google Cloud You must implement data residency and operational sovereignty in the EU. What should you do? Choose 2 answers

Options :

A :

Limit the physical location of a new resource with the Organization Policy Service resource locations constraint."

B :

Use Cloud IDS to get east-west and north-south traffic visibility in the EU to monitor intra-VPC and mter-VPC communication.

C :

Limit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications

D : Use identity federation to limit access to Google Cloud resources from non-EU entities.

E : Use VPC Flow Logs to monitor intra-VPC and inter-VPC traffic in the EU

Answer: A,C

Question 5

An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters. Which Cloud Identity password guidelines can the organization use to inform their new requirements?

Options :

A : Set the minimum length for passwords to be 8 characters.

B : Set the minimum length for passwords to be 10 characters.

C : Set the minimum length for passwords to be 12 characters.

D : Set the minimum length for passwords to be 6 characters.

Answer: A

Smartly Prepare Exam with Free Online Professional-Cloud-Security-Engineer Practice Test

Buying Options: