Your organization recently deployed a new application on Google Kubernetes Engine. You need to deploy a solution to protect the application. The solution has the following requirements:
Scans must run at least once per week
Must be able to detect cross-site scripting vulnerabilities
Must be able to authenticate using Google accounts
Which solution should you use?

• A.Container Threat Detection
• B.Web Security Scanner
• C.Google Cloud Armor
• D.Security Health Analytics

Comment: *

Name: *

Email: *

Verification: *

How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?

• A.Build a connector for the SIEM to query for all logs in real time from the GCP RESTful JSON APIs.
• B.Configure Organizational Log Sinks to export logs to a Cloud Pub/Sub Topic, which will be sent to the SIEM via Dataflow.
• C.Send all logs to the SIEM system via an existing protocol such as syslog.
• D.Configure every project to export all their logs to a common BigQuery DataSet, which will be queried by the SIEM system.

Comment: *

Name: *

Email: *

Verification: *

A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE).
How should the DevOps team accomplish this?

• A.Use Puppet or Chef to push out the patch to the running container.
• B.Verify that auto upgrade is enabled; if so, Google will upgrade the nodes in a GKE cluster.
• C.Update the application code or apply a patch, build a new image, and redeploy it.
• D.Configure containers to automatically upgrade when the base image is available in Container Registry.

Comment: *

Name: *

Email: *

Verification: *

You perform a security assessment on a customer architecture and discover that multiple VMs have public IP addresses. After providing a recommendation to remove the public IP addresses, you are told those VMs need to communicate to external sites as part of the customer's typical operations. What should you recommend to reduce the need for public IP addresses in your customer's VMs?

• A.Google Cloud Armor
• B.Cloud NAT
• C.Cloud Router
• D.Cloud VPN

Comment: *

Name: *

Email: *

Verification: *

You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.
What should you do?

• A.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.
• B.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.
• C.In Resource Manager, edit the project permissions for the trusted project. Add the organization as member with the role: Compute Image User.
• D.In Resource Manager, edit the organization permissions. Add the project ID as member with the role:
  Compute Image User.

Comment: *

Name: *

Email: *

Verification: *