Which two implied firewall rules are defined on a VPC network? (Choose two.)

• A.A rule that allows all outbound connections
• B.A rule that denies all inbound connections
• C.A rule that blocks all inbound port 25 connections
• D.A rule that blocks all outbound connections
• E.A rule that allows all inbound port 80 connections

Comment: *

Name: *

Email: *

Verification: *

Your company is deploying their applications on Google Kubernetes Engine. You want to follow Google-recommended practices. What should you do to ensure that the container images used for new deployments contain the latest security patches?

• A.Use Google-managed base images for all containers.
• B.Use Container Analysis to detect vulnerabilities in images.
• C.Use an update script as part of every container image startup.
• D.Use exclusively private images in Container Registry.

Comment: *

Name: *

Email: *

Verification: *

A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity- Aware Proxy.
What should the customer do to meet these requirements?

• A.Make sure that the ERP system can validate the identity headers in the HTTP requests.
• B.Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
• C.Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
• D.Make sure that the ERP system can validate the user's unique identifier headers in the HTTP requests.

Comment: *

Name: *

Email: *

Verification: *

A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack.
Which solution should this customer use?

• A.Cloud Identity-Aware Proxy
• B.Cloud Armor
• C.VPC Flow Logs
• D.DNS Security Extensions

Comment: *

Name: *

Email: *

Verification: *

You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment at risk.
What should you do?

• A.Refactor the application into a micro-services architecture hosted in Cloud Functions in an isolated project.Disable all traffic from outside your project using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
• B.Migrate the application into an isolated project using a "Lift & Shift" approach. Enable all internal TCP traffic using VPC Firewall rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
• C.Migrate the application into an isolated project using a "Lift & Shift" approach in a custom network. Disable all traffic within the VPC and look at the Firewall logs to determine what traffic should be allowed for the application to work properly.
• D.Refactor the application into a micro-services architecture in a GKE cluster. Disable all traffic from outside the cluster using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

Comment: *

Name: *

Email: *

Verification: *