Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)

• A.Public IP
• B.IP Forwarding
• C.Private Google Access
• D.Static routes
• E.IAM Network User Role

Comment: *

Name: *

Email: *

Verification: *

Your security team wants to implement a defense-in-depth approach to protect sensitive data stored in a Cloud Storage bucket. Your team has the following requirements:
* The Cloud Storage bucket in Project A can only be readable from Project B.
* The Cloud Storage bucket in Project A cannot be accessed from outside the network.
* Data in the Cloud Storage bucket cannot be copied to an external Cloud Storage bucket.
What should the security team do?

• A.Enable domain restricted sharing in an organization policy, and enable uniform bucket-level access on the Cloud Storage bucket.
• B.Enable VPC Service Controls, create a perimeter around Projects A and B. and include the Cloud Storage API in the Service Perimeter configuration.
• C.Enable Private Access in both Project A and B's networks with strict firewall rules that allow communication between the networks.
• D.Enable VPC Peering between Project A and B's networks with strict firewall rules that allow communication between the networks.

Comment: *

Name: *

Email: *

Verification: *

You are the project owner for a regulated workload that runs in a project you own and manage as an Identity and Access Management (IAM) admin. For an upcoming audit, you need to provide access reviews evidence. Which tool should you use?

• A.Policy Troubleshooter
• B.Policy Analyzer
• C.IAM Recommender
• D.Policy Simulator

Comment: *

Name: *

Email: *

Verification: *

You are responsible for managing your company's identities in Google Cloud. Your company enforces 2-Step Verification (2SV) for all users. You need to reset a user's access, but the user lost their second factor for 2SV. You want to minimize risk. What should you do?

• A.On the Google Admin console, use a super administrator account to reset the user account's credentials. Ask the user to update their credentials after their first login.
• B.On the Google Admin console, select the appropriate user account, and temporarily disable 2SV for this account Ask the user to update their second factor, and then re-enable 2SV for this account.
• C.On the Google Admin console, temporarily disable the 2SV requirements for all users. Ask the user to log in and add their new second factor to their account. Re-enable the 2SV requirement for all users.
• D.On the Google Admin console, select the appropriate user account, and generate a backup code to allow the user to sign in. Ask the user to update their second factor.

Comment: *

Name: *

Email: *

Verification: *

You are deploying a web application hosted on Compute Engine. A business requirement mandates that application logs are preserved for 12 years and data is kept within European boundaries. You want to implement a storage solution that minimizes overhead and is cost-effective. What should you do?

• A.Configure a custom retention policy of 12 years on your Google Cloud's operations suite log bucket in the EUROPE-WEST1 region.
• B.Create a Cloud Storage bucket to store your logs in the EUROPE-WEST1 region. Modify your application code to ship logs directly to your bucket for increased efficiency.
• C.Use a Pub/Sub topic to forward your application logs to a Cloud Storage bucket in the EUROPE-WEST1 region.
• D.Configure your Compute Engine instances to use the Google Cloud's operations suite Cloud Logging agent to send application logs to a custom log bucket in the EUROPE-WEST1 region with a custom retention of 12 years.

Comment: *

Name: *

Email: *

Verification: *