لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership. What should your team do to meet these requirements?
A. Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups
B. Set up SAML 2
C. Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory
D. Use the Admin SDK to create groups and assign IAM permissions from Active Directory
عرض الإجابة
اجابة صحيحة: AB
السؤال #2
An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier. Which Cloud Data Loss Prevention API technique should you use to accomplish this?
A. Generalization
B. Redaction
C. CryptoHashConfig
D. CryptoReplaceFfxFpeConfig
عرض الإجابة
اجابة صحيحة: C
السؤال #3
An organization’s typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review. How should you advise this organization?
A. Use Forseti with Firewall filters to catch any unwanted configurations in production
B. Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies
C. Route all VPC traffic through customer-managed routers to detect malicious patterns in production
D. All production applications will run on-premises
عرض الإجابة
اجابة صحيحة: C
السؤال #4
You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer. What should you do?
A. Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK
B. Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK
C. Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key
D. Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key
عرض الإجابة
اجابة صحيحة: C
السؤال #5
A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer’s internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP’s native SYN flood protection. Which product should be used to meet these requirements?
A. Cloud Armor
B. VPC Firewall Rules
C. Cloud Identity and Access Management
D. Cloud CDN
عرض الإجابة
اجابة صحيحة: B
السؤال #6
An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters. Which Cloud Identity password guidelines can the organization use to inform their new requirements?
A. Set the minimum length for passwords to be 8 characters
B. Set the minimum length for passwords to be 10 characters
C. Set the minimum length for passwords to be 12 characters
D. Set the minimum length for passwords to be 6 characters
عرض الإجابة
اجابة صحيحة: C
السؤال #7
You want to evaluate GCP for PCI compliance. You need to identify Google’s inherent controls. Which document should you review to find the information?
A. Google Cloud Platform: Customer Responsibility Matrix
B. PCI DSS Requirements and Security Assessment Procedures
C. PCI SSC Cloud Computing Guidelines
D. Product documentation for Compute Engine
عرض الإجابة
اجابة صحيحة: B
السؤال #8
In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized. Which two cloud offerings meet this requirement without additional compensating controls? (Choose two.)
A. App Engine
B. Cloud Functions
C. Compute Engine
D. Google Kubernetes Engine
E. Cloud Storage
عرض الإجابة
اجابة صحيحة: B
السؤال #9
Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services. Which two settings must remain disabled to meet these requirements? (Choose two.)
A. Public IP
B. IP Forwarding
C. Private Google Access
D. Static routes
E. IAM Network User Role
عرض الإجابة
اجابة صحيحة: CD
السؤال #10
A customer’s data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company-owned and all user authentications must go through their own Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP). The Infrastructure Operations Systems Engineer was trying to set up Cloud Identity for the customer and realized that their domain was already being used by G Suite. How should you best advise the Systems Engineer to proce
A. Contact Google Support and initiate the Domain Contestation Process to use the domain name in your new Cloud Identity domain
B. Register a new domain name, and use that for the new Cloud Identity domain
C. Ask Google to provision the data science manager’s account as a Super Administrator in the existing domain
D. Ask customer’s management to discover any other uses of Google managed services, and work with the existing Super Administrator
عرض الإجابة
اجابة صحيحة: B
السؤال #11
A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects. Your team becomes aware of this and wants to take over managing permissions and auditing the domain resources. Which type of access should your team grant to meet this requirement?
A. Organization Administrator
B. Security Reviewer
C. Organization Role Administrator
D. Organization Policy Administrator
عرض الإجابة
اجابة صحيحة: C
السؤال #12
When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)
A. Ensure that the app does not run as PID 1
B. Package a single app as a container
C. Remove any unnecessary tools not needed by the app
D. Use public container images as a base image for the app
E. Use many container image layers to hide sensitive information
عرض الإجابة
اجابة صحيحة: B
السؤال #13
Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pre-production projects. The development projects share the ABC-BILLING billing account with the rest of the organization. Which logging export strategy should you use to meet the requirements?
A. 1
B. 1
C. 1
D. 1
عرض الإجابة
اجابة صحيحة: DE

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: