Question #1
You are exporting application logs to Cloud Storage. You encounter an error message that the log sinks don't support uniform bucket-level access policies. How should you resolve this error?
A. Change the access control model for the bucket
B. Update your sink with the correct bucket destination
C. Add the roles/logging
D. Add the roles/logging
Correct answer: B
Question #2
You have the following resource hierarchy. There is an organization policy at each node in the hierarchy as shown. Which load balancer types are denied in VPC A?
A. All load balancer types are denied in accordance with the global node's policy
B. INTERNAL_TCP_UDP, INTERNAL_HTTP_HTTPS is denied in accordance with the folder's policy
C. EXTERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY are denied in accordance with the project's policy
D. EXTERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY, INTERNAL_TCP_UDP, and INTERNAL_HTTP_HTTPS are denied in accordance with the folder and project's policies
Correct answer: D
Question #3
You are setting up a CI/CD pipeline to deploy containerized applications to your production clusters on Google Kubernetes Engine (GKE). You need to prevent containers with known vulnerabilities from being deployed. You have the following requirements for your solution: Must be cloud-native. Must be cost-efficient. Minimize operational overhead. How should you accomplish this? (Choose two.)
A.
B.
C.
D.
Correct answer: CE
Question #4
Your team uses a service account to authenticate data transfers from a given Compute Engine virtual machine instance to a specified Cloud Storage bucket. An engineer accidentally deletes the service account, which breaks application functionality. You want to recover the application as quickly as possible without compromising security. What should you do?
A. Temporarily disable authentication on the Cloud Storage bucket
B. Use the undelete command to recover the deleted service account
C. Create a new service account with the same name as the deleted service account
D. Update the permissions of another existing service account and supply those credentials to the applications
Correct answer: B
Question #5
How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?
A. Query Data Access logs
B. Query Admin Activity logs
C. Query Access Transparency logs
D. Query Stackdriver Monitoring Workspace
Correct answer: C
Question #6
A customer wants to deploy a large number of 3-tier web applications on Compute Engine. How should the customer ensure authenticated network separation between the different tiers of the application?
A. Run each tier in its own Project, and segregate using Project labels
B. Run each tier with a different Service Account (SA), and use SA-based firewall rules
C. Run each tier in its own subnet, and use subnet-based firewall rules
D. Run each tier with its own VM tags, and use tag-based firewall rules
Correct answer: C
Question #7
You are setting up a CI/CD pipeline to deploy containerized applications to your production clusters on Google Kubernetes Engine (GKE). You need to prevent containers with known vulnerabilities from being deployed. You have the following requirements for your solution: Must be cloud-native. Must be cost-efficient. Minimize operational overhead. How should you accomplish this? (Choose two.)
A.
B.
C.
D.
Correct answer: CE
Question #8
You need to centralize your team's logs for production projects. You want your team to be able to search and analyze the logs using Logs Explorer. What should you do?
A. Enable Cloud Monitoring workspace, and add the production projects to be monitored
B. Use Logs Explorer at the organization level and filter for production project logs
C. Create an aggregate org sink at the parent folder of the production projects, and set the destination to a Cloud Storage bucket
D. Create an aggregate org sink at the parent folder of the production projects, and set the destination to a logs bucket
Correct answer: D
Question #9
You have been tasked with implementing external web application protection against common web application attacks for a public application on Google Cloud. You want to validate these policy changes before they are enforced. What service should you use?
A. Google Cloud Armor's preconfigured rules in preview mode
B. Prepopulated VPC firewall rules in monitor mode
C. The inherent protections of Google Front End (GFE)
D. Cloud Load Balancing firewall rules
E. VPC Service Controls in dry run mode
Correct answer: A
Question #10
You work for an organization in a regulated industry that has strict data protection requirements. The organization backs up their data in the cloud. To comply with data privacy regulations, this data can only be stored for a specific length of time and must be deleted after this specific period. You want to automate the compliance with this regulation while minimizing storage costs. What should you do?
A. Store the data in a persistent disk, and delete the disk at expiration time
B. Store the data in a Cloud Bigtable table, and set an expiration time on the column families
C. Store the data in a BigQuery table, and set the table's expiration time
D. Store the data in a Cloud Storage bucket, and configure the bucket's Object Lifecycle Management feature
Correct answer: C
Question #11
A database administrator notices malicious activities within their Cloud SQL instance. The database administrator wants to monitor the API calls that read the configuration or metadata of resources. Which logs should the database administrator review?
A. Admin Activity
B. System Event
C. Access Transparency
D. Data Access
Correct answer: C
Question #12
A customer wants to deploy a large number of 3-tier web applications on Compute Engine. How should the customer ensure authenticated network separation between the different tiers of the application?
A. Run each tier in its own Project, and segregate using Project labels
B. Run each tier with a different Service Account (SA), and use SA-based firewall rules
C. Run each tier in its own subnet, and use subnet-based firewall rules
D. Run each tier with its own VM tags, and use tag-based firewall rules
Correct answer: C
Question #13
You have been tasked with inspecting IP packet data for invalid or malicious content. What should you do?
A. Use Packet Mirroring to mirror traffic to and from particular VM instances
B. Enable VPC Flow Logs for all subnets in the VPC
C. Configure the Fluentd agent on each VM Instance within the VPC. Perform inspection on the log data using Cloud Logging
D. Configure Google Cloud Armor access logs to perform inspection on the log data
Correct answer: B
Question #14
You need to use Cloud External Key Manager to create an encryption key to encrypt specific BigQuery data at rest in Google Cloud. Which steps should you do first?
A.
B.
C.
D.
Correct answer: C
Question #15
You need to use Cloud External Key Manager to create an encryption key to encrypt specific BigQuery data at rest in Google Cloud. Which steps should you do first?
A.
B.
C.
D.
Correct answer: C
Question #16
Your organization acquired a new workload. The Web and Application (App) servers will be running on Compute Engine in a newly created custom VPC. You are responsible for configuring a secure network communication solution that meets the following requirements: Only allows communication between the Web and App tiers. Enforces consistent network security when autoscaling the Web and App tiers. Prevents Compute Engine Instance Admins from altering network traffic. What should you do?
A.
B.
C.
D.
Correct answer: A
Question #17
A manager wants to start retaining security event logs for 2 years while minimizing costs. You write a filter to select the appropriate log entries. Where should you export the logs?
A. BigQuery datasets
B. Cloud Storage buckets
C. StackDriver logging
D. Cloud Pub/Sub topics
Correct answer: B
Question #18
Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership. What should your team do to meet these requirements?
A. Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups
B. Set up SAML 2
C. Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory
D. Use the Admin SDK to create groups and assign IAM permissions from Active Directory
Correct answer: B
Question #19
An organization is moving applications to Google Cloud while maintaining a few mission-critical applications on-premises. The organization must transfer the data at a bandwidth of at least 50 Gbps. What should they use to ensure secure continued connectivity between sites?
A. Dedicated Interconnect
B. Cloud Router
C. Cloud VPN
D. Partner Interconnect
Correct answer: A
Question #20
An organization's typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review. How should you advise this organization?
A. Use Forseti with Firewall filters to catch any unwanted configurations in production
B. Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies
C. Route all VPC traffic through customer-managed routers to detect malicious patterns in production
D. All production applications will run on-premises
Correct answer: B
Question #21
Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services. Which two settings must remain disabled to meet these requirements? (Choose two.)
A. Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have "user email address" as the attribute to facilitate one-way sync
B. Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have "user email address" as the attribute to facilitate bidirectional sync
C. Use a management tool to sync the subset based on the email address attribute
D. Use a management tool to sync the subset based on group object class attribute
Correct answer: AC
Question #22
You have been tasked with inspecting IP packet data for invalid or malicious content. What should you do?
A. Use Packet Mirroring to mirror traffic to and from particular VM instances
B. Enable VPC Flow Logs for all subnets in the VPC
C. Configure the Fluentd agent on each VM Instance within the VPC. Perform inspection on the log data using Cloud Logging
D. Configure Google Cloud Armor access logs to perform inspection on the log data
Correct answer: B
Question #23
You are a security administrator at your company and are responsible for managing access controls (identification, authentication, and authorization) on Google Cloud. Which Google-recommended best practices should you follow when configuring authentication and authorization? (Choose two.)
A. Encrypt non-sensitive data and sensitive data with Cloud External Key Manager
B. Encrypt non-sensitive data and sensitive data with Cloud Key Management Service
C. Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager
D. Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service
Correct answer: DE
Question #24
Your organization's Google Cloud VMs are deployed via an instance template that configures them with a public IP address in order to host web services for external users. The VMs reside in a service project that is attached to a host (VPC) project containing one custom Shared VPC for the VMs. You have been asked to reduce the exposure of the VMs to the internet while continuing to service external users. You have already recreated the instance template without a public IP address configuration to launch the
A. Deploy a Cloud NAT Gateway in the service project for the MIG
B. Deploy a Cloud NAT Gateway in the host (VPC) project for the MIG
C. Deploy an external HTTP(S) load balancer in the service project with the MIG as a backend
D. Deploy an external HTTP(S) load balancer in the host (VPC) project with the MIG as a backend
Correct answer: C
Question #25
You are troubleshooting access denied errors between Compute Engine instances connected to a Shared VPC and BigQuery datasets. The datasets reside in a project protected by a VPC Service Controls perimeter. What should you do?
A. Add the host project containing the Shared VPC to the service perimeter
B. Add the service project where the Compute Engine instances reside to the service perimeter
C. Create a service perimeter between the service project where the Compute Engine instances reside and the host project that contains the Shared VPC
D. Create a perimeter bridge between the service project where the Compute Engine instances reside and the perimeter that contains the protected BigQuery datasets
Correct answer: C
Question #26
In a shared security responsibility model for IaaS, which two layers of the stack does the customer share responsibility for? (Choose two.)
A. Hardware
B. Network Security
C. Storage Encryption
D. Access Policies
E. Boot
Correct answer: CD
Question #27
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?
A. SSL Proxy
B. TCP Proxy
C. Internal TCP/UDP
D. TCP/UDP Network
Correct answer: C
Question #28
Which two implied firewall rules are defined on a VPC network? (Choose two.)
A. A rule that allows all outbound connections
B. A rule that denies all inbound connections
C. A rule that blocks all inbound port 25 connections
D. A rule that blocks all outbound connections
E. A rule that allows all inbound port 80 connections
Correct answer: AB
Question #29
A customer's company has multiple business units. Each business unit operates independently, and each has their own engineering group. Your team wants visibility into all projects created within the company and wants to organize their Google Cloud Platform (GCP) projects based on different business units. Each business unit also requires separate sets of IAM permissions. Which strategy should you use to meet these needs?
A. Create an organization node, and assign folders for each business unit
B. Establish standalone projects for each business unit, using gmail
C. Assign GCP resources in a project, with a label identifying which business unit owns the resource
D. Assign GCP resources in a VPC for each business unit to separate network access
Correct answer: A
Question #30
You manage your organization's Security Operations Center (SOC). You currently monitor and detect network traffic anomalies in your Google Cloud VPCs based on packet header information. However, you want the capability to explore network flows and their payload to aid investigations. Which Google Cloud product should you use?
A. Marketplace IDS
B. VPC Flow Logs
C. VPC Service Controls logs
D. Packet Mirroring
E. Google Cloud Armor Deep Packet Inspection
Correct answer: D
Question #31
You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and Access Management (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys. What should you do?
A. Create a single KeyRing for all persistent disks and all Keys in this KeyRing
B. Create a single KeyRing for all persistent disks and all Keys in this KeyRing
C. Create a KeyRing per persistent disk, with each KeyRing containing a single Key
D. Create a KeyRing per persistent disk, with each KeyRing containing a single Key
Correct answer: C
Question #32
Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee's password has been compromised. What should you do?
A. Cloud Armor
B. Google Cloud Audit Logs
C. Cloud Security Scanner
D. Forseti Security
Correct answer: A
Question #33
A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP). The CRM can only be accessed by someone on the corporate network. The customer wants to make it available over the internet. Your team requires an authentication layer in front of the application that supports two-factor authentication. Which GCP product should the customer implement to meet these requirements?
A. Cloud Identity-Aware Proxy
B. Cloud Armor
C. Cloud Endpoints
D. Cloud VPN
Correct answer: A
Question #34
Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the firewall rules, subnets, and VPN gateway on the host project. They need to enable Engineering Group A to attach a Compute Engine instance to only the 10.1.1.0/24 subnet. What should your team grant to Engineering Group A to meet this requirement?
A. Compute Network User Role at the host project level
B. Compute Network User Role at the subnet level
C. Compute Shared VPC Admin Role at the host project level
D. Compute Shared VPC Admin Role at the service project level
Correct answer: B
Question #35
Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services. Which two settings must remain disabled to meet these requirements? (Choose two.)
A. Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have "user email address" as the attribute to facilitate one-way sync
B. Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have "user email address" as the attribute to facilitate bidirectional sync
C. Use a management tool to sync the subset based on the email address attribute
D. Use a management tool to sync the subset based on group object class attribute
Correct answer: AC
Question #36
You are a member of the security team at an organization. Your team has a single GCP project with credit card payment processing systems alongside web applications and data processing systems. You want to reduce the scope of systems subject to PCI audit standards. What should you do?
A. Use multi-factor authentication for admin access to the web application
B. Use only applications certified compliant with PA-DSS
C. Move the cardholder data environment into a separate GCP project
D. Use VPN for all connections between your office and cloud environments
Correct answer: C
Question #37
Your team needs to make sure that their backend database can only be accessed by the frontend application and no other instances on the network. How should your team design this network?
A. Create an ingress firewall rule to allow access only from the application to the database using firewall tags
B. Create a different subnet for the frontend application and database to ensure network isolation
C. Create two VPC networks, and connect the two networks using Cloud VPN gateways to ensure network isolation
D. Create two VPC networks, and connect the two networks using VPC peering to ensure network isolation
Correct answer: A
Question #38
You have the following resource hierarchy. There is an organization policy at each node in the hierarchy as shown. Which load balancer types are denied in VPC A?
A. All load balancer types are denied in accordance with the global node's policy
B. INTERNAL_TCP_UDP, INTERNAL_HTTP_HTTPS is denied in accordance with the folder's policy
C. EXTERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY are denied in accordance with the project's policy
D. EXTERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY, INTERNAL_TCP_UDP, and INTERNAL_HTTP_HTTPS are denied in accordance with the folder and project's policies
Correct answer: D
Question #39
Which Google Cloud service should you use to enforce access control policies for applications and resources?
A. Identity-Aware Proxy
B. Cloud NAT
C. Google Cloud Armor
D. Shielded VMs
Correct answer: A
Question #40
For compliance reasons, an organization needs to ensure that in-scope PCI Kubernetes Pods reside on "in-scope" Nodes only. These Nodes can only contain the "in-scope" Pods. How should the organization achieve this objective?
A. Add a nodeSelector field to the pod configuration to only use the Nodes labeled inscope:true
B. Create a node pool with the label inscope: true and a Pod Security Policy that only allows the Pods to run on Nodes with that label
C. Place a taint on the Nodes with the label inscope: true and effect NoSchedule and a toleration to match in the Pod configuration
D. Run all in-scope Pods in the namespace "in-scope-pci"
Correct answer: C
Question #41
You need to set up two network segments: one with an untrusted subnet and the other with a trusted subnet. You want to configure a virtual appliance such as a next-generation firewall (NGFW) to inspect all traffic between the two network segments. How should you design the network to inspect the traffic?
A. Send all logs to the SIEM system via an existing protocol such as syslog
B. Configure every project to export all their logs to a common BigQuery DataSet, which will be queried by the SIEM system
C. Configure Organizational Log Sinks to export logs to a Cloud Pub/Sub Topic, which will be sent to the SIEM via Dataflow
D. Build a connector for the SIEM to query for all logs in real time from the GCP RESTful JSON APIs
Correct answer: B
Question #42
An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request. Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses. Which solution should your team implement to meet these requirements?
A. Cloud Armor
B. Network Load Balancing
C. SSL Proxy Load Balancing
D. NAT Gateway
Correct answer: A
Question #43
A customer has 300 engineers. The company wants to grant different levels of access and efficiently manage IAM permissions between users in the development and production environment projects. Which two steps should the company take to meet these requirements? (Choose two.)
A. Create a single KeyRing for all persistent disks and all Keys in this KeyRing
B. Create a single KeyRing for all persistent disks and all Keys in this KeyRing
C. Create a KeyRing per persistent disk, with each KeyRing containing a single Key
D. Create a KeyRing per persistent disk, with each KeyRing containing a single Key
Correct answer: BC
Question #44
An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters. Which Cloud Identity password guidelines can the organization use to inform their new requirements?
A. Set the minimum length for passwords to be 8 characters
B. Set the minimum length for passwords to be 10 characters
C. Set the minimum length for passwords to be 12 characters
D. Set the minimum length for passwords to be 6 characters
Correct answer: A
Question #45
How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?
A. Query Data Access logs
B. Query Admin Activity logs
C. Query Access Transparency logs
D. Query Stackdriver Monitoring Workspace
Correct answer: C
Question #46
You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer. What should you do?
A. Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK
B. Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK
C. Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key
D. Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key
Correct answer: A
Question #47
You work for a large organization where each business unit has thousands of users. You need to delegate management of access control permissions to each business unit. You have the following requirements: Each business unit manages access controls for their own projects. Each business unit manages access control permissions at scale. Business units cannot access other business units' projects. Users lose their access if they move to a different business unit or leave the company. Users and access control permiss
A. Enable Private Google Access on the regional subnets and global dynamic routing mode
B. Set up a Private Service Connect endpoint IP address with the API bundle of "all-apis", which is advertised as a route over the Cloud interconnect connection
C. Use private
D. Use restricted googleapis
Correct answer: DE
Question #48
Your team uses a service account to authenticate data transfers from a given Compute Engine virtual machine instance to a specified Cloud Storage bucket. An engineer accidentally deletes the service account, which breaks application functionality. You want to recover the application as quickly as possible without compromising security. What should you do?
A. Temporarily disable authentication on the Cloud Storage bucket
B. Use the undelete command to recover the deleted service account
C. Create a new service account with the same name as the deleted service account
D. Update the permissions of another existing service account and supply those credentials to the applications
Correct answer: B
Question #49
An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters. Which Cloud Identity password guidelines can the organization use to inform their new requirements?
A. Set the minimum length for passwords to be 8 characters
B. Set the minimum length for passwords to be 10 characters
C. Set the minimum length for passwords to be 12 characters
D. Set the minimum length for passwords to be 6 characters
Correct answer: A
Question #50
Your organization hosts a financial services application running on Compute Engine instances for a third-party company. The third-party company's servers that will consume the application also run on Compute Engine in a separate Google Cloud organization. You need to configure a secure network connection between the Compute Engine instances. You have the following requirements: The network connection must be encrypted. The communication between servers must be over private IP addresses. What should you do?
A. Use the Cloud SDK with their directory service to remove their IAM permissions in Cloud Identity
B. Use the Cloud SDK with their directory service to provision and deprovision users from Cloud Identity
C. Configure Cloud Directory Sync with their directory service to provision and deprovision users from Cloud Identity
D. Configure Cloud Directory Sync with their directory service to remove their IAM permissions in Cloud Identity
Correct answer: A
Question #51
You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer. What should you do?
A. Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK
B. Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK
C. Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key
D. Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key
Correct answer: A
Question #52
You have noticed an increased number of phishing attacks across your enterprise user accounts. You want to implement the Google 2-Step Verification (2SV) option that uses a cryptographic signature to authenticate a user and verify the URL of the login page. Which Google 2SV option should you use?
A. Titan Security Keys
B. Google prompt
C. Google Authenticator app
D. Cloud HSM keys
Correct answer: C
Question #53
Your company operates an application instance group that is currently deployed behind a Google Cloud load balancer in us-central-1 and is configured to use the Standard Tier network. The infrastructure team wants to expand to a second Google Cloud region, us-east-2. You need to set up a single external IP address to distribute new requests to the instance groups in both regions. What should you do?
A. Change the load balancer backend configuration to use network endpoint groups instead of instance groups
B. Change the load balancer frontend configuration to use the Premium Tier network, and add the new instance group
C. Create a new load balancer in us-east-2 using the Standard Tier network, and assign a static external IP address
D. Create a Cloud VPN connection between the two regions, and enable Google Private Access
Correct answer: A
Question #54
You want to evaluate GCP for PCI compliance. You need to identify Google's inherent controls. Which document should you review to find the information?
A. Google Cloud Platform: Customer Responsibility Matrix
B. PCI DSS Requirements and Security Assessment Procedures
C. PCI SSC Cloud Computing Guidelines
D. Product documentation for Compute Engine
Correct answer: A
Question #55
You are backing up application logs to a shared Cloud Storage bucket that is accessible to both the administrator and analysts. Analysts should not have access to logs that contain any personally identifiable information (PII). Log files containing PII should be stored in another bucket that is only accessible to the administrator. What should you do?
A. Upload the logs to both the shared bucket and the bucket with PII that is only accessible to the administrator
B. In the shared bucket, configure Object Lifecycle Management to delete objects that contain PII
C. In the shared bucket, configure a Cloud Storage trigger that is only triggered when PII is uploaded
D. Use Pub/Sub and Cloud Functions to trigger a Cloud Data Loss Prevention scan every time a file is uploaded to the administrator's bucket
Correct answer: D
Question #56
Your organization has had a few recent DDoS attacks. You need to authenticate responses to domain name lookups. Which Google Cloud service should you use?
A. Cloud DNS with DNSSEC
B. Cloud NAT
C. HTTP(S) Load Balancing
D. Google Cloud Armor
Correct answer: A
Question #57
Which Google Cloud service should you use to enforce access control policies for applications and resources?
A. Identity-Aware Proxy
B. Cloud NAT
C. Google Cloud Armor
D. Shielded VMs
Correct answer: A
Question #58
Your organization's Google Cloud VMs are deployed via an instance template that configures them with a public IP address in order to host web services for external users. The VMs reside in a service project that is attached to a host (VPC) project containing one custom Shared VPC for the VMs. You have been asked to reduce the exposure of the VMs to the internet while continuing to service external users. You have already recreated the instance template without a public IP address configuration to launch the
A. Deploy a Cloud NAT Gateway in the service project for the MIG
B. Deploy a Cloud NAT Gateway in the host (VPC) project for the MIG
C. Deploy an external HTTP(S) load balancer in the service project with the MIG as a backend
D. Deploy an external HTTP(S) load balancer in the host (VPC) project with the MIG as a backend
Correct answer: C
