You are a consultant for an organization that is considering migrating their data from its private cloud to Google Cloud. The organization's compliance team is not familiar with Google Cloud and needs guidance on how compliance requirements will be met on Google Cloud. One specific compliance requirement is for customer data at rest to reside within specific geographic boundaries. Which option should you recommend for the organization to meet their data residency requirements on Google Cloud?

• A.Organization Policy Service constraints
• B.Shielded VM instances
• C.Access control lists
• D.Geolocation access controls
• E.Google Cloud Armor

Comment: *

Name: *

Email: *

Verification: *

Your organization has implemented synchronization and SAML federation between Cloud Identity and Microsoft Active Directory. You want to reduce the risk of Google Cloud user accounts being compromised.
What should you do?

• A.Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with verification codes via text or phone call in the Google Admin console.
• B.Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with security keys in the Google Admin console.
• C.Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with security keys in the Google Admin console.
• D.Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with verification codes via text or phone call in the Google Admin console.

Comment: *

Name: *

Email: *

Verification: *

Your company is using Cloud Dataproc for its Spark and Hadoop jobs. You want to be able to create, rotate, and destroy symmetric encryption keys used for the persistent disks used by Cloud Dataproc. Keys can be stored in the cloud.
What should you do?

• A.Use the Cloud Key Management Service to manage the data encryption key (DEK).
• B.Use the Cloud Key Management Service to manage the key encryption key (KEK).
• C.Use customer-supplied encryption keys to manage the data encryption key (DEK).
• D.Use customer-supplied encryption keys to manage the key encryption key (KEK).

Comment: *

Name: *

Email: *

Verification: *

Your company requires the security and network engineering teams to identify all network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and traffic between VMs to Google Cloud services in production. Which method should you use?

• A.Enable VPC Flow Logs on the subnet.
• B.Define an organization policy constraint.
• C.Configure packet mirroring policies.
• D.Monitor and analyze Cloud Audit Logs.

Comment: *

Name: *

Email: *

Verification: *

As adoption of the Cloud Data Loss Prevention (DLP) API grows within the company, you need to optimize usage to reduce cost. DLP target data is stored in Cloud Storage and BigQuery. The location and region are identified as a suffix in the resource name.
Which cost reduction options should you recommend?

• A.Set appropriate rowsLimit value on BigQuery data hosted outside the US and set appropriate bytesLimitPerFile value on multiregional Cloud Storage buckets.
• B.Set appropriate rowsLimit value on BigQuery data hosted outside the US, and minimize transformation units on multiregional Cloud Storage buckets.
• C.Use rowsLimit and bytesLimitPerFile to sample data and use CloudStorageRegexFileSet to limit scans.
• D.Use FindingLimits and TimespanContfig to sample data and minimize transformation units.

Comment: *

Name: *

Email: *

Verification: *