A customer's internal security team must manage its own encryption keys for encrypting data on Cloud Storage and decides to use customer-supplied encryption keys (CSEK).
How should the team complete this task?

• A.Upload the encryption key to a Cloud Storage bucket, and then upload the object to the same bucket.
• B.Use the gsutil command line tool to upload the object to Cloud Storage, and specify the location of the encryption key.
• C.Generate an encryption key in the Google Cloud Platform Console, and upload an object to Cloud Storage using the specified key.
• D.Encrypt the object, then use the gsutil command line tool or the Google Cloud Platform Console to upload the object to Cloud Storage.

Comment: *

Name: *

Email: *

Verification: *

Your team wants to make sure Compute Engine instances running in your production project do not have public IP addresses. The frontend application Compute Engine instances will require public IPs. The product engineers have the Editor role to modify resources. Your team wants to enforce this requirement.
How should your team meet these requirements?

• A.Set up a VPC network with two subnets: one with public IPs and one without public IPs.
• B.Remove the Editor role and grant the Compute Admin IAM role to the engineers.
• C.Enable Private Access on the VPC network in the production project.
• D.Set up an organization policy to only permit public IPs for the front-end Compute Engine instances.

Comment: *

Name: *

Email: *

Verification: *

A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)

• A.Configure the project with Cloud VPN.
• B.Configure the project with Shared VPC.
• C.Configure the project with Cloud Interconnect.
• D.Configure the project with VPC peering.
• E.Configure all Compute Engine instances with Private Access.

Comment: *

Name: *

Email: *

Verification: *

A customer wants to run a batch processing system on VMs and store the output files in a Cloud Storage bucket. The networking and security teams have decided that no VMs may reach the public internet.
How should this be accomplished?

• A.Create a firewall rule to block internet traffic from the VM.
• B.Mount a Cloud Storage bucket as a local filesystem on every VM.
• C.Provision a NAT Gateway to access the Cloud Storage API endpoint.
• D.Enable Private Google Access on the VPC.

Comment: *

Name: *

Email: *

Verification: *

When creating a secure container image, which two items should you incorporate into the build if possible?
(Choose two.)

• A.Ensure that the app does not run as PID 1.
• B.Package a single app as a container.
• C.Remove any unnecessary tools not needed by the app.
• D.Use public container images as a base image for the app.
• E.Use many container image layers to hide sensitive information.

Comment: *

Name: *

Email: *

Verification: *