A customer's internal security team must manage its own encryption keys for encrypting data on Cloud Storage and decides to use customer-supplied encryption keys (CSEK).
How should the team complete this task?

• A.Upload the encryption key to a Cloud Storage bucket, and then upload the object to the same bucket.
• B.Use the gsutil command line tool to upload the object to Cloud Storage, and specify the location of the encryption key.
• C.Generate an encryption key in the Google Cloud Platform Console, and upload an object to Cloud Storage using the specified key.
• D.Encrypt the object, then use the gsutil command line tool or the Google Cloud Platform Console to upload the object to Cloud Storage.

Comment: *

Name: *

Email: *

Verification: *

An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier.
Which Cloud Data Loss Prevention API technique should you use to accomplish this?

• A.CryptoHashConfig
• B.Generalization
• C.Redaction
• D.CryptoReplaceFfxFpeConfig

Comment: *

Name: *

Email: *

Verification: *

A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.
What should you do?

• A.Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.
• B.Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.
• C.Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.
• D.Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

Comment: *

Name: *

Email: *

Verification: *

Which Google Cloud service should you use to enforce access control policies for applications and resources?

• A.Cloud NAT
• B.Shielded VMs
• C.Identity-Aware Proxy
• D.Google Cloud Armor

Comment: *

Name: *

Email: *

Verification: *

You will create a new Service Account that should be able to list the Compute Engine instances in the project.
You want to follow Google-recommended practices.
What should you do?

• A.Give the Service Account the role of Compute Viewer, and use the new Service Account for all instances.
• B.Create a custom role with the permission compute.instances.listand grant the Service Account this role.
• C.Give the Service Account the role of Project Viewer, and use the new Service Account for all instances.
• D.Create an Instance Template, and allow the Service Account Read Only access for the Compute Engine Access Scope.

Comment: *

Name: *

Email: *

Verification: *