Question 1

You plan to deploy your cloud infrastructure using a CI/CD cluster hosted on Compute Engine. You want to minimize the risk of its credentials being stolen by a third party. What should you do?

Options :

A :

Create a dedicated Cloud Identity user account for the cluster. Use a strong self-hosted vault solution to store the user-s temporary credentials

B :

Create a dedicated Cloud Identity user account for the cluster. Enable the constraints/ iam.disableServiceAccountCreation organization policy at the project level.

C :

Create a custom service account for the cluster Enable the constraints/iam. disableServiceAccountKeyCreation organization policy at the project level.

D :

Create a custom service account for the cluster Enable the constraints/ iam.allowServiceAccountCredentialLifetimeExtension organization policy at the project level.

Answer: C

Question 2

You are the security admin of your company. You have 3,000 objects in your Cloud Storage bucket. You do not want to manage access to each object individually. You also do not want the uploader of an object to always have full control of the object. However, you want to use Cloud Audit Logs to manage access to your bucket. What should you do?

Options :

A : Set up an ACL with OWNER permission to a scope of allUsers.

B : Set up an ACL with READER permission to a scope of allUsers.

C : Set up a default bucket ACL and manage access for users using IAM

D : Set up Uniform bucket-level access on the Cloud Storage bucket and manage access for users using IAM.

Answer: D

Question 3

A ticketing platform company adopts Google Cloud Platform (GCP) for their ticketing application and needs guidance on setting up password requirements for their Cloud Identity account. The company has a password policy requirement that customer passwords must have a minimum number of characters. Which Cloud Identity password guidelines can the company use to inform their new requirements?

Options :

A : Specify a minimum character count of 12 for passwords.

B : Specify a minimum password length of 6 characters.

C : Specify a password length requirement of at least 10 characters.

D : Specify a minimum password length of 8 characters.

Answer: D

Question 4

An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A wellestablished directory service is used to manage user identities and lifecycle management. This directory service must continue for the organization to use as the “source of truth” directory for identities. Which solution meets the organization's requirements?

Options :

A : Google Cloud Directory Sync (GCDS)

B : Cloud Identity

C : Security Assertion Markup Language (SAML)

D : Pub/Sub

Answer: A

Question 5

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a need-to-know basis to the HR team. What should you do?

Options :

A : Perform data masking with the DLP API and store that data in BigQuery for later use

B : Perform data redaction with the DLP API and store that data in BigQuery for later use

C : Perform data inspection with the DLP API and store that data in BigQuery for later use.

D : Perform tokenization for Pseudonymization with the DLP API and store that data in BigQuery for later use.

Answer: D