A company's application is deployed with a user-managed Service Account key. You want to use Google- recommended practices to rotate the key.
What should you do?

• A.Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam- account=IAM_ACCOUNT.
• B.Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam- account=IAM_ACCOUNT
  --key=NEW_KEY.
• C.Create a new key, and use the new key in the application. Delete the old key from the Service Account.
• D.Create a new key, and use the new key in the application. Store the old key on the system as a backup key.

Comment: *

Name: *

Email: *

Verification: *

A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They have a requirement to be able to manage and rotate the encryption keys.
Which boot disk encryption solution should you use on the cluster to meet this customer's requirements?

• A.Customer-supplied encryption keys (CSEK)
• B.Customer-managed encryption keys (CMEK) using Cloud Key Management Service (KMS)
• C.Encryption by default
• D.Pre-encrypting files before transferring to Google Cloud Platform (GCP) for analysis

Comment: *

Name: *

Email: *

Verification: *

You are a member of the security team at an organization. Your team has a single GCP project with credit card payment processing systems alongside web applications and data processing systems. You want to reduce the scope of systems subject to PCI audit standards.
What should you do?

• A.Use VPN for all connections between your office and cloud environments.
• B.Use multi-factor authentication for admin access to the web application.
• C.Move the cardholder data environment into a separate GCP project.
• D.Use only applications certified compliant with PA-DSS.

Comment: *

Name: *

Email: *

Verification: *

A customer's company has multiple business units. Each business unit operates independently, and each has their own engineering group. Your team wants visibility into all projects created within the company and wants to organize their Google Cloud Platform (GCP) projects based on different business units. Each business unit also requires separate sets of IAM permissions.
Which strategy should you use to meet these needs?

• A.Establish standalone projects for each business unit, using gmail.com accounts.
• B.Assign GCP resources in a VPC for each business unit to separate network access.
• C.Assign GCP resources in a project, with a label identifying which business unit owns the resource.
• D.Create an organization node, and assign folders for each business unit.

Comment: *

Name: *

Email: *

Verification: *

You are a security administrator at your company and are responsible for managing access controls (identification, authentication, and authorization) on Google Cloud. Which Google-recommended best practices should you follow when configuring authentication and authorization? (Choose two.)

• A.Use Google default encryption.
• B.Provide granular access with predefined roles.
• C.Provision users with basic roles using Google's Identity and Access Management (1AM) service.
• D.Manually add users to Google Cloud.
• E.Use SSO/SAML integration with Cloud Identity for user authentication and user lifecycle management.

Comment: *

Name: *

Email: *

Verification: *