While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.
What should you do?

• A.Manually synchronize the data in Google domain with your existing Active Directory or LDAP server.
• B.Use Google Cloud Directory Sync to synchronize the data in Google domain with your existing Active Directory or LDAP server.
• C.Users sign in directly to the GCP Console using the credentials from your on-premises Kerberos compliant identity provider.
• D.Users sign in using OpenID (OIDC) compatible IdP, receive an authentication token, then use that token to log in to the GCP Console.

Comment: *

Name: *

Email: *

Verification: *

You want to evaluate GCP for PCI compliance. You need to identify Google's inherent controls.
Which document should you review to find the information?

• A.Google Cloud Platform: Customer Responsibility Matrix
• B.PCI DSS Requirements and Security Assessment Procedures
• C.PCI SSC Cloud Computing Guidelines
• D.Product documentation for Compute Engine

Comment: *

Name: *

Email: *

Verification: *

You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account.
What should you do?

• A.Query Data Access logs.
• B.Query Admin Activity logs.
• C.Query Access Transparency logs.
• D.Query Stackdriver Monitoring Workspace.

Comment: *

Name: *

Email: *

Verification: *

You are setting up a CI/CD pipeline to deploy containerized applications to your production clusters on Google Kubernetes Engine (GKE). You need to prevent containers with known vulnerabilities from being deployed. You have the following requirements for your solution:
Must be cloud-native
Must be cost-efficient
Minimize operational overhead
How should you accomplish this? (Choose two.)

• A.Create a Cloud Build pipeline that will monitor changes to your container templates in a Cloud Source Repositories repository. Add a step to analyze Container Analysis results before allowing the build to continue.
• B.Use a cron job on a Compute Engine instance to scan your existing repositories for known vulnerabilities and raise an alert if a non-compliant container image is found.
• C.Use a Cloud Function triggered by log events in Google Cloud's operations suite to automatically scan your container images in Container Registry.
• D.In your CI/CD pipeline, add an attestation on your container image when no vulnerabilities have been found. Use a Binary Authorization policy to block deployments of containers with no attestation in your cluster.
• E.Deploy Jenkins on GKE and configure a CI/CD pipeline to deploy your containers to Container Registry. Add a step to validate your container images before deploying your container to the cluster.

Comment: *

Name: *

Email: *

Verification: *

Your organization has implemented synchronization and SAML federation between Cloud Identity and Microsoft Active Directory. You want to reduce the risk of Google Cloud user accounts being compromised. What should you do?

• A.Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with verification codes via text or phone call in the Google Admin console.
• B.Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with security keys in the Google Admin console.
• C.Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with verification codes via text or phone call in the Google Admin console.
• D.Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with security keys in the Google Admin console.

Comment: *

Name: *

Email: *

Verification: *