Your team uses a service account to authenticate data transfers from a given Compute Engine virtual machine instance of to a specified Cloud Storage bucket. An engineer accidentally deletes the service account, which breaks application functionality. You want to recover the application as quickly as possible without compromising security.
What should you do?

• A.Temporarily disable authentication on the Cloud Storage bucket.
• B.Use the undelete command to recover the deleted service account.
• C.Create a new service account with the same name as the deleted service account.
• D.Update the permissions of another existing service account and supply those credentials to the applications.

Comment: *

Name: *

Email: *

Verification: *

Your company requires the security and network engineering teams to identify all network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and traffic between VMs to Google Cloud services in production. Which method should you use?

• A.Monitor and analyze Cloud Audit Logs.
• B.Enable VPC Flow Logs on the subnet.
• C.Define an organization policy constraint.
• D.Configure packet mirroring policies.

Comment: *

Name: *

Email: *

Verification: *

You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.
What should you do?

• A.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.
• B.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.
• C.In Resource Manager, edit the project permissions for the trusted project. Add the organization as member with the role: Compute Image User.
• D.In Resource Manager, edit the organization permissions. Add the project ID as member with the role: Compute Image User.

Comment: *

Name: *

Email: *

Verification: *

A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other department should not have access to the project. You need to configure this behavior.
What should you do to meet these requirements?

• A.Create a Project per department under the Organization. For each department's Project, assign the Project Viewer role to the Google Group related to that department.
• B.Create a Folder per department under the Organization. For each department's Folder, assign the Project Viewer role to the Google Group related to that department.
• C.Create a Folder per department under the Organization. For each department's Folder, assign the Project Browser role to the Google Group related to that department.
• D.Create a Project per department under the Organization. For each department's Project, assign the Project Browser role to the Google Group related to that department.

Comment: *

Name: *

Email: *

Verification: *

You need to implement an encryption at-rest strategy that reduces key management complexity for non-sensitive data and protects sensitive data while providing the flexibility of controlling the key residency and rotation schedule. FIPS 140-2 L1 compliance is required for all data types. What should you do?

• A.Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.
• B.Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.
• C.Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service.
• D.Encrypt non-sensitive data and sensitive data with Cloud Key Management Service

Comment: *

Name: *

Email: *

Verification: *