How should the DevOps team accomplish this?

Correct Answer for the Question – How should the DevOps team accomplish this? is given below A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE)How should the DevOps team accomplish this?Reference: https://cloud.google.com/kubernetes-engine/docs/security-bulletins Use Puppet or Chef to push out the patch to … Read more

How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?

Correct Answer for the Question – How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system? is given below How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system? Send all logs to the SIEM system via an existing protocol such as syslog. Configure every project … Read more

What solution would help meet the requirements?

Correct Answer for the Question – What solution would help meet the requirements? is given below An organization is migrating from their current on-premises productivity software systems to G Suite. Some network security controls were in place that were mandated by a regulatory body in their region for their previous on-premises system. The organization’s risk team … Read more

What should your team do?

Correct Answer for the Question – What should your team do? is given below A customer has an analytics workload running on Compute Engine that should have limited internet access.Your team created an egress firewall rule to deny (priority 1000) all traffic to the internet.The Compute Engine instances now need to reach out to the public … Read more

Which strategy should you use to meet these needs?

Correct Answer for the Question – Which strategy should you use to meet these needs? is given below A customer’s company has multiple business units. Each business unit operates independently, and each has their own engineering group. Your team wants visibility into all projects created within the company and wants to organize their Google Cloud Platform … Read more

Where should you export the logs?

Correct Answer for the Question – Where should you export the logs? is given below A manager wants to start retaining security event logs for 2 years while minimizing costs. You write a filter to select the appropriate log entries.Where should you export the logs?Reference: https://cloud.google.com/logging/docs/exclusions BigQuery datasets Cloud Storage buckets StackDriver logging Cloud Pub/Sub topics … Read more

How should the team complete this task?

Correct Answer for the Question – How should the team complete this task? is given below A customer’s internal security team must manage its own encryption keys for encrypting data on Cloud Storage and decides to use customer-supplied encryption keys (CSEK).How should the team complete this task?Reference: https://cloud.google.com/storage/docs/encryption/customer-supplied-keys Upload the encryption key to a Cloud Storage … Read more

What should you do to meet these requirements?

Correct Answer for the Question – What should you do to meet these requirements? is given below A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have … Read more

Which boot disk encryption solution should you use on the cluster to meet this customer’s requirements?

Correct Answer for the Question – Which boot disk encryption solution should you use on the cluster to meet this customer’s requirements? is given below A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They have a requirement … Read more

Which service should be used to accomplish this?

Correct Answer for the Question – Which service should be used to accomplish this? is given below A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities.Which service should be used to accomplish this?Reference: https://cloud.google.com/security-scanner/ Cloud Armor Google Cloud Audit Logs Cloud Security Scanner Forseti Security … Read more