최신 Professional-Cloud-Security-Engineer 무료덤프 - Google Cloud Certified

문제1

Your organization wants to be General Data Protection Regulation (GDPR) compliant You want to ensure that your DevOps teams can only create Google Cloud resources in the Europe regions.
What should you do?

A. Use the org policy constraint "Restrict Resource Service Usage'* on your Google Cloud organization node.

B. Use Identity-Aware Proxy (IAP) with Access Context Manager to restrict the location of Google Cloud resources.

C. Use Identity and Access Management (1AM) custom roles to ensure that your DevOps team can only create resources in the Europe regions

D. Use the org policy constraint Google Cloud Platform - Resource Location Restriction" on your Google Cloudorganization node.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

Your organization must comply with the regulation to keep instance logging data within Europe. Your workloads will be hosted in the Netherlands in region europe-west4 in a new project. You must configure Cloud Logging to keep your data in the country.
What should you do?

A. Configure the organization policy constraint gcp.resourceLocations to europe-west4.

B. Configure log sink to export all logs into a Cloud Storage bucket in europe-west4.

C. Set the logging storage region to eurcpe-west4 by using the gcloud CLI logging settings update.

D. Create a new tog bucket in europe-west4. and redirect the _Def auit bucKet to the new bucket.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제3

Your organization operates in a highly regulated industry and uses multiple Google Cloud services. You need to identify potential risks to regulatory compliance. Which situation introduces the greatest risk?

A. Principals have broad IAM roles allowing the creation and management of Compute Engine VMs without a pre-defined hardening process.

B. Sensitive data is stored in a Cloud Storage bucket with the uniform bucket-level access setting enabled.

C. The audit team needs access to Cloud Audit Logs related to managed services like BigQuery.

D. The security team mandates the use of customer-managed encryption keys (CMEK) for all data classified as sensitive.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Your organization uses Google Workspace Enterprise Edition tor authentication. You are concerned about employees leaving their laptops unattended for extended periods of time after authenticating into Google Cloud. You must prevent malicious people from using an employee's unattended laptop to modify their environment.
What should you do?

A. Create a policy that requires employees to not leave their sessions open for long durations.

B. Set the session length timeout for Google Cloud services to a shorter duration.

C. Require strong passwords and 2SV through a security token or Google authenticate.

D. Review and disable unnecessary Google Cloud APIs.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제5

Your company's Chief Information Security Officer (CISO) creates a requirement that business data must be stored in specific locations due to regulatory requirements that affect the company's global expansion plans.
After working on the details to implement this requirement, you determine the following:
The services in scope are included in the Google Cloud Data Residency Terms.
The business data remains within specific locations under the same organization.
The folder structure can contain multiple data residency locations.
You plan to use the Resource Location Restriction organization policy constraint. At which level in the resource hierarchy should you set the constraint?

A. Folder

B. Organization

C. Resource

D. Project

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Your financial services company has an audit requirement under a strict regulatory framework that requires comprehensive, immutable audit trails for all administrative and data access activity that ensures that data is kept for seven years. Your current logging is fragmented across individual projects. You need to establish a centralized, tamper-proof, long-term logging solution accessible for audits. What should you do?

A. Establish organization-level Cloud Logging sinks to export Cloud Audit Logs to a dedicated Cloud Storage bucket with object retention lock.

B. Enable Security Command Center across the organization to gain centralized visibility into threats and manage compliance posture for all Google Cloud projects.

C. Individually configure Cloud Audit Logs for all Google Cloud services in each project. Store the logs in regional Cloud Logging buckets with 30-day retention policies.

D. Implement Pub/Sub to stream all audit logs from each project in real-time to an external Security Information and Event Management (SIEM) for long-term analysis.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제7

Your company has been creating users manually in Cloud Identity to provide access to Google Cloud resources. Due to continued growth of the environment, you want to authorize the Google Cloud Directory Sync (GCDS) instance and integrate it with your on-premises LDAP server to onboard hundreds of users.
You are required to:
Replicate user and group lifecycle changes from the on-premises LDAP server in Cloud Identity.
Disable any manually created users in Cloud Identity.
You have already configured the LDAP search attributes to include the users and security groups in scope for Google Cloud. What should you do next to complete this solution?

A. 1. Configure the LDAP search attributes to exclude manually created Cloud identity users not found in LDAP.2. Run GCDS after user and group lifecycle changes.

B. 1. Configure the LDAP search attributes to exclude manually created Cloud Identity users not found in LDAP.2. Set up a recurring GCDS task.

C. 1. Configure the option to delete domain users not found in LDAP.2. Run GCDS after user and group lifecycle changes.

D. 1. Configure the option to suspend domain users not found in LDAP.2. Set up a recurring GCDS task.

정답: D

문제8

A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)

A. Configure all Compute Engine instances with Private Access.

B. Configure the project with VPC peering.

C. Configure the project with Cloud VPN.

D. Configure the project with Cloud Interconnect.

E. Configure the project with Shared VPC.

정답: C,D

설명: (DumpTOP 회원만 볼 수 있음)

문제9

Your company's cloud security policy dictates that VM instances should not have an external IP address. You need to identify the Google Cloud service that will allow VM instances without external IP addresses to connect to the internet to update the VMs. Which service should you use?

A. Cloud DNS

B. TCP/UDP Load Balancing

C. Identity Aware-Proxy

D. Cloud NAT

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제10

A company is using Google Kubernetes Engine (GKE) with container images of a mission-critical application The company wants to scan the images for known security issues and securely share the report with the security team without exposing them outside Google Cloud.
What should you do?

A. 1. Enable Container Threat Detection in the Security Command Center Premium tier.* 2. Upgrade all clusters that are not on a supported version of GKE to the latest possible GKE version.* 3. View and share the results from the Security Command Center

B. * 1. Get a GitHub subscription.* 2. Build the images in Cloud Build and store them in GitHub for automatic scanning* 3. Download the report from GitHub and share with the Security Team

C. * 1. Enable vulnerability scanning in the Artifact Registry settings.* 2. Use Cloud Build to build the images* 3. Push the images to the Artifact Registry for automatic scanning.* 4. View the reports in the Artifact Registry.

D. * 1. Use an open source tool in Cloud Build to scan the images.* 2. Upload reports to publicly accessible buckets in Cloud Storage by using gsutil* 3. Share the scan report link with your security department.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제11

Your organization s customers must scan and upload the contract and their driver license into a web portal in Cloud Storage. You must remove all personally identifiable information (Pll) from files that are older than 12 months. Also you must archive the anonymized files for retention purposes.
What should you do?

A. Configure the Autoclass feature of the Cloud Storage bucket to de-identify Pll Archive the files that are older than 12 months Delete the original files.

B. Create a Cloud Data Loss Prevention (DLP) inspection job that de-identifies Pll in files created more than 12 months ago and archives them to another Cloud Storage bucket. Delete the original files.

C. Schedule a Cloud Key Management Service (KMS) rotation period of 12 months for the encryption keys of the Cloud Storage files containing Pll to de-identify them Delete the original keys.

D. Set a time to live (TTL) of 12 months for the files in the Cloud Storage bucket that removes PH and moves the files to the archive storage class.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제12

Your Google Cloud organization allows for administrative capabilities to be distributed to each team through provision of a Google Cloud project with Owner role (roles/ owner). The organization contains thousands of Google Cloud Projects Security Command Center Premium has surfaced multiple cpen_myscl_port findings.
You are enforcing the guardrails and need to prevent these types of common misconfigurations.
What should you do?

A. Create a hierarchical firewall policy configured at the organization to deny all connections from 0 0 0 0
/0.

B. Create a Google Cloud Armor security policy to deny traffic from 0 0 0 0/0.

C. Create a hierarchical firewall policy configured at the organization to allow connections only from internal IP ranges

D. Create a firewall rule for each virtual private cloud (VPC) to deny traffic from 0 0 0 0/0 with priority 0.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

최신 Professional-Cloud-Security-Engineer 무료덤프 - Google Cloud Certified - Professional Cloud Security Engineer

우리와 연락하기

유용한 링크

최신 업데이트