Your company wants to determine what products they can build to help customers improve their credit scores depending on their age range. To achieve this, you need to join user information in the company's banking app with customers' credit score data received from a third party. While using this raw data will allow you to complete this task, it exposes sensitive data, which could be propagated into new systems.
This risk needs to be addressed using de-identification and tokenization with Cloud Data Loss Prevention while maintaining the referential integrity across the database. Which cryptographic token format should you use to meet these requirements?

• A.Secure, key-based hashes
• B.Cryptographic hashing
• C.Format-preserving encryption
• D.Deterministic encryption

Comment: *

Name: *

Email: *

Verification: *

What are the steps to encrypt data using envelope encryption?

• A.Generate a data encryption key (DEK) locally.
  Use a key encryption key (KEK) to wrap the DEK. Encrypt data with the KEK.
  Store the encrypted data and the wrapped KEK.
• B.Generate a key encryption key (KEK) locally.
  Use the KEK to generate a data encryption key (DEK). Encrypt data with the DEK.
  Store the encrypted data and the wrapped DEK.
• C.Generate a data encryption key (DEK) locally.
  Encrypt data with the DEK.
  Use a key encryption key (KEK) to wrap the DEK. Store the encrypted data and the wrapped DEK.
• D.Generate a key encryption key (KEK) locally.
  Generate a data encryption key (DEK) locally. Encrypt data with the KEK.
  Store the encrypted data and the wrapped DEK.

Comment: *

Name: *

Email: *

Verification: *

You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted dat a. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.
How should you prevent and fix this vulnerability?

• A.Set up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.
• B.Use Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.
• C.Use Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.
• D.Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.

Comment: *

Name: *

Email: *

Verification: *

A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They have a requirement to be able to manage and rotate the encryption keys.
Which boot disk encryption solution should you use on the cluster to meet this customer's requirements?

• A.Customer-supplied encryption keys (CSEK)
• B.Customer-managed encryption keys (CMEK) using Cloud Key Management Service (KMS)
• C.Encryption by default
• D.Pre-encrypting files before transferring to Google Cloud Platform (GCP) for analysis

Comment: *

Name: *

Email: *

Verification: *

An organization is migrating from their current on-premises productivity software systems to G Suite. Some network security controls were in place that were mandated by a regulatory body in their region for their previous on-premises system. The organization's risk team wants to ensure that network security controls are maintained and effective in G Suite. A security architect supporting this migration has been asked to ensure that network security controls are in place as part of the new shared responsibility model between the organization and Google Cloud.
What solution would help meet the requirements?

• A.Ensure that firewall rules are in place to meet the required controls.
• B.Set up Cloud Armor to ensure that network security controls can be managed for G Suite.
• C.Network security is a built-in solution and Google's Cloud responsibility for SaaS products like G Suite.
• D.Set up an array of Virtual Private Cloud (VPC) networks to control network security as mandated by the relevant regulation.

Comment: *

Name: *

Email: *

Verification: *