A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.
What should you do?

• A.Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.
• B.Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.
• C.Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.
• D.Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

Comment: *

Name: *

Email: *

Verification: *

You are part of a security team that wants to ensure that a Cloud Storage bucket in Project A can only be readable from Project B.
You also want to ensure that data in the Cloud Storage bucket cannot be accessed from or copied to Cloud Storage buckets outside the network, even if the user has the correct credentials.
What should you do?

• A.Enable VPC Service Controls, create a perimeter with Project A and B, and include Cloud Storage service.
• B.Enable Domain Restricted Sharing Organization Policy and Bucket Policy Only on the Cloud Storage bucket.
• C.Enable Private Access in Project A and B networks with strict firewall rules to allow communication between the networks.
• D.Enable VPC Peering between Project A and B networks with strict firewall rules to allow communication between the networks.

Comment: *

Name: *

Email: *

Verification: *

You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer.
What should you do?

• A.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.
• B.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.
• C.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.
• D.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.

Comment: *

Name: *

Email: *

Verification: *

An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters.
Which Cloud Identity password guidelines can the organization use to inform their new requirements?

• A.Set the minimum length for passwords to be 8 characters.
• B.Set the minimum length for passwords to be 12 characters.
• C.Set the minimum length for passwords to be 10 characters.
• D.Set the minimum length for passwords to be 6 characters.

Comment: *

Name: *

Email: *

Verification: *

You want to evaluate GCP for PCI compliance. You need to identify Google's inherent controls.
Which document should you review to find the information?

• A.Google Cloud Platform: Customer Responsibility Matrix
• B.PCI DSS Requirements and Security Assessment Procedures
• C.PCI SSC Cloud Computing Guidelines
• D.Product documentation for Compute Engine

Comment: *

Name: *

Email: *

Verification: *