A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container.
What should they do?

• A.Use Cloud Build to build the container images.
• B.Build small containers using small base images.
• C.Delete non-used versions from Container Registry.
• D.Use a Continuous Delivery tool to deploy the application.
  Section: (none)
  Explanation

Comment: *

Name: *

Email: *

Verification: *

A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)

• A.Configure the project with VPC peering.
• B.Configure the project with Cloud Interconnect.
• C.Configure all Compute Engine instances with Private Access.
• D.Configure the project with Shared VPC.
• E.Configure the project with Cloud VPN.

Comment: *

Name: *

Email: *

Verification: *

You need to provide a corporate user account in Google Cloud for each of your developers and operational staff who need direct access to GCP resources. Corporate policy requires you to maintain the user identity in a third-party identity management provider and leverage single sign-on. You learn that a significant number of users are using their corporate domain email addresses for personal Google accounts, and you need to follow Google recommended practices to convert existing unmanaged users to managed accounts.
Which two actions should you take? (Choose two.)

• A.Use Google Cloud Directory Sync to synchronize your local identity management system to Cloud Identity.
• B.Use the Google Admin console to view which managed users are using a personal account for their recovery email.
• C.Add users to your managed Google account and force users to change the email addresses associated with their personal accounts.
• D.Use the Transfer Tool for Unmanaged Users (TTUU) to find users with conflicting accounts and ask them to transfer their personal Google accounts.
• E.Send an email to all of your employees and ask those users with corporate email addresses for personal Google accounts to delete the personal accounts immediately.

Comment: *

Name: *

Email: *

Verification: *

You are part of a security team that wants to ensure that a Cloud Storage bucket in Project A can only be readable from Project B.
You also want to ensure that data in the Cloud Storage bucket cannot be accessed from or copied to Cloud Storage buckets outside the network, even if the user has the correct credentials.
What should you do?

• A.Enable VPC Service Controls, create a perimeter with Project A and B, and include Cloud Storage service.
• B.Enable Domain Restricted Sharing Organization Policy and Bucket Policy Only on the Cloud Storage bucket.
• C.Enable Private Access in Project A and B networks with strict firewall rules to allow communication between the networks.
• D.Enable VPC Peering between Project A and B networks with strict firewall rules to allow communication between the networks.

Comment: *

Name: *

Email: *

Verification: *

A company is running their webshop on Google Kubernetes Engine and wants to analyze customer transactions in BigQuery. You need to ensure that no credit card numbers are stored in BigQuery What should you do?

• A.Enable Cloud Identity-Aware Proxy to filter out credit card numbers before storing the logs in BigQuery.
• B.Use the Cloud Data Loss Prevention API to redact related infoTypes before data is ingested into BigQuery.
• C.Create a BigQuery view with regular expressions matching credit card numbers to query and delete affected rows.
• D.Leverage Security Command Center to scan for the assets of type Credit Card Number in BigQuery.

Comment: *

Name: *

Email: *

Verification: *