You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.
How should you prevent and fix this vulnerability?

• A.Use Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.
• B.Set up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.
• C.Use Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.
• D.Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.

Comment: *

Name: *

Email: *

Verification: *

When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

• A.Remove any unnecessary tools not needed by the app.
• B.Package a single app as a container.
• C.Use public container images as a base image for the app.
• D.Use many container image layers to hide sensitive information.
• E.Ensure that the app does not run as PID 1.

Comment: *

Name: *

Email: *

Verification: *

Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer.
What type of Load Balancing should you use?

• A.Network Load Balancing
• B.SSL Proxy Load Balancing
• C.HTTP(S) Load Balancing
• D.TCP Proxy Load Balancing

Comment: *

Name: *

Email: *

Verification: *

You want to evaluate GCP for PCI compliance. You need to identify Google's inherent controls.
Which document should you review to find the information?

• A.Product documentation for Compute Engine
• B.PCI DSS Requirements and Security Assessment Procedures
• C.Google Cloud Platform: Customer Responsibility Matrix
• D.PCI SSC Cloud Computing Guidelines

Comment: *

Name: *

Email: *

Verification: *

You are the Security Admin in your company. You want to synchronize all security groups that have an email address from your LDAP directory in Cloud IAM.
What should you do?

• A.Use a management tool to sync the subset based on group object class attribute. Create a group in the Google domain. A group created in a Google domain will automatically have an explicit Google Cloud Identity and Access Management (IAM) role.
• B.Use a management tool to sync the subset based on the email address attribute. Create a group in the Google domain. A group created in a Google domain will automatically have an explicit Google Cloud Identity and Access Management (IAM) role.
• C.Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have "user email address" as the attribute to facilitate one-way sync.
• D.Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have "user email address" as the attribute to facilitate bidirectional sync.

Comment: *

Name: *

Email: *

Verification: *