Question 1

As an AI consulting firm, your client is running their e-commerce website on Google Kubernetes Engine and requires customer transaction analysis in BigQuery. How can you ensure that credit card information is not stored in BigQuery?

Options :

A : Before ingesting data into BigQuery, utilize the Cloud Data Loss Prevention API to censor associated infoTypes.

B : To query and delete impacted rows, generate a BigQuery view that utilizes regular expressions to match credit card numbers.

C : Utilize Security Command Center to perform a scan in BigQuery for assets categorized as Credit Card Number.

D : To prevent the storage of credit card numbers in BigQuery logs, it is recommended to utilize Cloud Identity-Aware Proxy for filtration purposes.

Answer: A

Question 2

You run applications on Cloud Run. You already enabled container analysis for vulnerability scanning. However, you are concerned about the lack of control on the applications that are deployed. You must ensure that only trusted container images are deployed on Cloud Run. What should you do? Choose 2 answers

Options :

A : Enable Binary Authorization on the existing Kubernetes cluster.

B :

Set the organization policy constraint constraints/run. allowedBinaryAuthorizationPolicie to the list of allowed Binary Authorization policy names.

C :

Set the organization policy constraint constraints/compute.trustedimageProjects to the list of protects that contain the trusted container images

D : Enable Binary Authorization on the existing Cloud Run service.

E : Use Cloud Run breakglass to deploy an image that meets the Binary Authorization policy by default.

Answer: B,D

Question 3

You must ensure that the keys used for at-rest encryption of your data are compliant with your organization's security controls. One security control mandates that keys get rotated every 90 days. You must implement an effective detection strategy to validate if keys are rotated as required. What should you do?

Options :

A :

Analyze the crypto key versions of the keys by using data from Cloud Asset Inventory. If an active key is older than 90 days, send an alert message through your incident notification channel.

B :

Identify keys that have not been rotated by using Security Health Analytics. If a key is not rotated after 90 days, a finding in Security Command Center is raised.

C :

Assess the keys in the Cloud Key Management Service by implementing code in Cloud Run. If a key is not rotated after 90 days, raise a finding in Security Command Center.

D :

Define a metric that checks for timely key updates by using Cloud Logging. If a key is not rotated after 90 days, send an alert message through your incident notification channel.

Answer: A

Question 4

A large e-retailer is moving to Google Cloud Platform with its ecommerce website. The company wants to

ensure payment information is encrypted between the customer’s browser and GCP when the customers

checkout online.

What should they do?

Options :

A : Configure an SSL Certificate on an L7 Load Balancer and require encryption

B : Configure an SSL Certificate on a Network TCP Load Balancer and require encryption

C : Configure the firewall to allow inbound traffic on port 443, and block all other inbound traffic

D : Configure the firewall to allow outbound traffic on port 443, and block all other outbound traffic.

Answer: A

Question 5

An organization is moving applications to Google Cloud while maintaining a few mission-critical applications on-premises. The organization must transfer the data at a bandwidth of at least 50 Gbps. What should they use to ensure secure continued connectivity between sites?

Options :

A : Dedicated Interconnect

B : Cloud Router

C : Cloud VPN

D : Partner Interconnect

Answer: A