Your organization recently deployed a new application on Google Kubernetes Engine. You need to deploy a solution to protect the application. The solution has the following requirements:
Scans must run at least once per week
Must be able to detect cross-site scripting vulnerabilities
Must be able to authenticate using Google accounts
Which solution should you use?

• A.Google Cloud Armor
• B.Web Security Scanner
• C.Container Threat Detection
• D.Security Health Analytics

Comment: *

Name: *

Email: *

Verification: *

An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.
Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses Which solution should your team implement to meet these requirements?

• A.Cloud Armor
• B.Network Load Balancing
• C.SSL Proxy Load Balancing
• D.NAT Gateway

Comment: *

Name: *

Email: *

Verification: *

You want to evaluate GCP for PCI compliance. You need to identify Google's inherent controls.
Which document should you review to find the information?

• A.Google Cloud Platform: Customer Responsibility Matrix
• B.PCI DSS Requirements and Security Assessment Procedures
• C.PCI SSC Cloud Computing Guidelines
• D.Product documentation for Compute Engine

Comment: *

Name: *

Email: *

Verification: *

You are designing a new governance model for your organization's secrets that are stored in Secret Manager. Currently, secrets for Production and Non-Production applications are stored and accessed using service accounts. Your proposed solution must:
Provide granular access to secrets
Give you control over the rotation schedules for the encryption keys that wrap your secrets Maintain environment separation Provide ease of management Which approach should you take?

• A.1. Use a single Google Cloud project to store both Production and Non-Production secrets.
  2. Enforce access control to secrets using project-level Identity and Access Management (IAM) bindings.
  3. Use customer-managed encryption keys to encrypt secrets.
• B.1. Use a single Google Cloud project to store both Production and Non-Production secrets.
  2. Enforce access control to secrets using secret-level Identity and Access Management (IAM) bindings.
  3. Use Google-managed encryption keys to encrypt secrets.
• C.1. Use separate Google Cloud projects to store Production and Non-Production secrets.
  2. Enforce access control to secrets using secret-level Identity and Access Management (IAM) bindings.
  3. Use Google-managed encryption keys to encrypt secrets.
• D.1. Use separate Google Cloud projects to store Production and Non-Production secrets.
  2. Enforce access control to secrets using project-level identity and Access Management (IAM) bindings.
  3. Use customer-managed encryption keys to encrypt secrets.

Comment: *

Name: *

Email: *

Verification: *

Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester.
Which two tasks should your team perform to handle this request? (Choose two.)

• A.Remove all users from the Project Creator role at the organizational level.
• B.Add a designated group of users to the Project Creator role at the organizational level.
• C.Grant the billing account creator role to the designated DevOps team.
• D.Create an Organization Policy constraint, and apply it at the organizational level.
• E.Grant the Project Editor role at the organizational level to a designated group of users.

Comment: *

Name: *

Email: *

Verification: *