You have defined subnets in a VPC within Google Cloud Platform. You need multiple projects to create Compute Engine instances with IP addresses from these subnets. What should you do?
Applications often require access to "secrets" - small pieces of sensitive data at build or run time. The administrator managing these secrets on GCP wants to keep a track of "who did what, where, and when?" within their GCP projects.
Which two log streams would provide the information that the administrator is looking for? (Choose two.)
What are the steps to encrypt data using envelope encryption?
A.Generate a data encryption key (DEK) locally.
* Use a key encryption key (KEK) to wrap the DEK.
* Encrypt data with the KEK.
* Store the encrypted data and the wrapped KEK.
B.Generate a key encryption key (KEK) locally.
* Use the KEK to generate a data encryption key (DEK).
* Encrypt data with the DEK.
* Store the encrypted data and the wrapped DEK.
C.Generate a data encryption key (DEK) locally.
* Encrypt data with the DEK.
* Use a key encryption key (KEK) to wrap the DEK.
* Store the encrypted data and the wrapped DEK.
D.Generate a key encryption key (KEK) locally.
* Generate a data encryption key (DEK) locally.
* Encrypt data with the KEK.
* Store the encrypted data and the wrapped DEK.
While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.
What should you do?
A customer wants to deploy a large number of 3-tier web applications on Compute Engine.
How should the customer ensure authenticated network separation between the different tiers of the application?
Enter your email address to download Google.Professional-Cloud-Security-Engineer.v2022-04-15.q108 Dumps
