When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

• A.Ensure that the app does not run as PID 1.
• B.Package a single app as a container.
• C.Remove any unnecessary tools not needed by the app.
• D.Use public container images as a base image for the app.
• E.Use many container image layers to hide sensitive information.

Comment: *

Name: *

Email: *

Verification: *

When creating a secure container image, which two items should you incorporate into the build if possible?
(Choose two.)

• A.Ensure that the app does not run as PID 1.
• B.Package a single app as a container.
• C.Remove any unnecessary tools not needed by the app.
• D.Use public container images as a base image for the app.
• E.Use many container image layers to hide sensitive information.

Comment: *

Name: *

Email: *

Verification: *

You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer.
What should you do?

• A.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.
• B.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.
• C.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.
• D.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.

Comment: *

Name: *

Email: *

Verification: *

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a need-to-know basis to the HR team. What should you do?

• A.Perform data redaction with the DLP API and store that data in BigQuery for later use.
• B.Perform tokenization for Pseudonymization with the DLP API and store that data in BigQuery for later use.
• C.Perform data inspection with the DLP API and store that data in BigQuery for later use.
• D.Perform data masking with the DLP API and store that data in BigQuery for later use.

Comment: *

Name: *

Email: *

Verification: *

You want to use the gcloud command-line tool to authenticate using a third-party single sign-on (SSO) SAML identity provider. Which options are necessary to ensure that authentication is supported by the third-party identity provider (IdP)? (Choose two.)

• A.Identity-Aware Proxy
• B.OpenID Connect
• C.Identity Platform
• D.SSO SAML as a third-party IdP
• E.Cloud Identity

Comment: *

Name: *

Email: *

Verification: *