When working with agents in a support center via online chat, an organization's customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for review by internal or external analysts for customer service trend analysis.
Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?

• A.Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis.
• B.Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis.
• C.Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis.
• D.Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis.

Comment: *

Name: *

Email: *

Verification: *

You need to implement an encryption-at-rest strategy that protects sensitive data and reduces key management complexity for non-sensitive dat a. Your solution has the following requirements:
Schedule key rotation for sensitive data.
Control which region the encryption keys for sensitive data are stored in.
Minimize the latency to access encryption keys for both sensitive and non-sensitive data.
What should you do?

• A.Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.
• B.Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service.
• C.Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.
• D.Encrypt non-sensitive data and sensitive data with Cloud Key Management Service.

Comment: *

Name: *

Email: *

Verification: *

A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)

• A.Configure the project with Cloud VPN.
• B.Configure the project with Shared VPC.
• C.Configure the project with Cloud Interconnect.
• D.Configure the project with VPC peering.
• E.Configure all Compute Engine instances with Private Access.

Comment: *

Name: *

Email: *

Verification: *

An organization is migrating from their current on-premises productivity software systems to G Suite. Some network security controls were in place that were mandated by a regulatory body in their region for their previous on-premises system. The organization's risk team wants to ensure that network security controls are maintained and effective in G Suite. A security architect supporting this migration has been asked to ensure that network security controls are in place as part of the new shared responsibility model between the organization and Google Cloud.
What solution would help meet the requirements?

• A.Ensure that firewall rules are in place to meet the required controls.
• B.Set up an array of Virtual Private Cloud (VPC) networks to control network security as mandated by the relevant regulation.
• C.Network security is a built-in solution and Google's Cloud responsibility for SaaS products like G Suite.
• D.Set up Cloud Armor to ensure that network security controls can be managed for G Suite.

Comment: *

Name: *

Email: *

Verification: *

You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment at risk.
What should you do?

• A.Refactor the application into a micro-services architecture in a GKE cluster. Disable all traffic from outside the cluster using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
• B.Migrate the application into an isolated project using a "Lift & Shift" approach in a custom network.
  Disable all traffic within the VPC and look at the Firewall logs to determine what traffic should be allowed for the application to work properly.
• C.Refactor the application into a micro-services architecture hosted in Cloud Functions in an isolated project. Disable all traffic from outside your project using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
• D.Migrate the application into an isolated project using a "Lift & Shift" approach. Enable all internal TCP traffic using VPC Firewall rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

Comment: *

Name: *

Email: *

Verification: *