You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer.
What should you do?

• A.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.
• B.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.
• C.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.
• D.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.

Comment: *

Name: *

Email: *

Verification: *

Which two security characteristics are related to the use of VPC peering to connect two VPC networks? (Choose two.)

• A.Ability to share specific subnets across peered networks
• B.Non-transitive peered networks; where only directly peered networks can communicate
• C.Firewall rules that can be created with a tag from one peered network to another peered network
• D.Central management of routes, firewalls, and VPNs for peered networks
• E.Ability to peer networks that belong to different Google Cloud Platform organizations

Comment: *

Name: *

Email: *

Verification: *

Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer.
What type of Load Balancing should you use?

• A.Network Load Balancing
• B.HTTP(S) Load Balancing
• C.TCP Proxy Load Balancing
• D.SSL Proxy Load Balancing

Comment: *

Name: *

Email: *

Verification: *

You plan to use a Google Cloud Armor policy to prevent common attacks such as cross-site scripting (XSS) and SQL injection (SQLi) from reaching your web application's backend. What are two requirements for using Google Cloud Armor security policies? (Choose two.)

• A.The load balancer must be an external HTTP(S) load balancer.
• B.The load balancer must use the Premium Network Service Tier.
• C.The load balancer must be an external SSL proxy load balancer.
• D.The backend service's load balancing scheme must be EXTERNAL.
• E.Google Cloud Armor Policy rules can only match on Layer 7 (L7) attributes.

Comment: *

Name: *

Email: *

Verification: *

A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP). The CRM can only be accessed by someone on the corporate network. The customer wants to make it available over the internet. Your team requires an authentication layer in front of the application that supports two-factor authentication Which GCP product should the customer implement to meet these requirements?

• A.Cloud VPN
• B.Cloud Endpoints
• C.Cloud Identity-Aware Proxy
• D.Cloud Armor

Comment: *

Name: *

Email: *

Verification: *