Which two security characteristics are related to the use of VPC peering to connect two VPC networks?
(Choose two.)

• A.Central management of routes, firewalls, and VPNs for peered networks
• B.Non-transitive peered networks; where only directly peered networks can communicate
• C.Ability to share specific subnets across peered networks
• D.Firewall rules that can be created with a tag from one peered network to another peered network
• E.Ability to peer networks that belong to different Google Cloud Platform organizations

Comment: *

Name: *

Email: *

Verification: *

A large e-retailer is moving to Google Cloud Platform with its ecommerce website. The company wants to ensure payment information is encrypted between the customer's browser and GCP when the customers checkout online.
What should they do?

• A.Configure an SSL Certificate on an L7 Load Balancer and require encryption.
• B.Configure the firewall to allow outbound traffic on port 443, and block all other outbound traffic.
• C.Configure an SSL Certificate on a Network TCP Load Balancer and require encryption.
• D.Configure the firewall to allow inbound traffic on port 443, and block all other inbound traffic.

Comment: *

Name: *

Email: *

Verification: *

Your team uses a service account to authenticate data transfers from a given Compute Engine virtual machine instance of to a specified Cloud Storage bucket. An engineer accidentally deletes the service account, which breaks application functionality. You want to recover the application as quickly as possible without compromising security.
What should you do?

• A.Update the permissions of another existing service account and supply those credentials to the applications.
• B.Create a new service account with the same name as the deleted service account.
• C.Temporarily disable authentication on the Cloud Storage bucket.
• D.Use the undelete command to recover the deleted service account.

Comment: *

Name: *

Email: *

Verification: *

A Cloud Development team needs to use service accounts extensively in their local development.
You need to provide the team with the keys for these service accounts. You want to follow Google-recommended practices. What should you do?

• A.Implement a daily key rotation process that generates a new key and commits it to the source code repository every day.
• B.Implement a daily key rotation process, and provide developers with a Cloud Storage bucket from which they can download the new key every day.
• C.Create a Google Group with all developers. Assign the group the IAM role of Service Account User, and have developers generate and download their own keys.
• D.Create a Google Group with all developers. Assign the group the IAM role of Service Account Admin, and have developers generate and download their own keys.

Comment: *

Name: *

Email: *

Verification: *

A customer terminates an engineer and needs to make sure the engineer's Google account is automatically deprovisioned.
What should the customer do?

• A.Use the Cloud SDK with their directory service to remove their IAM permissions in Cloud Identity.
• B.Configure Cloud Directory Sync with their directory service to provision and deprovision users from Cloud Identity.
• C.Use the Cloud SDK with their directory service to provision and deprovision users from Cloud Identity.
• D.Configure Cloud Directory Sync with their directory service to remove their IAM permissions in Cloud Identity.

Comment: *

Name: *

Email: *

Verification: *