A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container.
What should they do?

• A.Use Cloud Build to build the container images.
• B.Build small containers using small base images.
• C.Delete non-used versions from Container Registry.
• D.Use a Continuous Delivery tool to deploy the application.

Comment: *

Name: *

Email: *

Verification: *

Which Identity-Aware Proxy role should you grant to an Identity and Access Management (IAM) user to access HTTPS resources?

• A.Security Reviewer
• B.lAP-Secured Tunnel User
• C.lAP-Secured Web App User
• D.Service Broker Operator

Comment: *

Name: *

Email: *

Verification: *

For compliance reasons, an organization needs to ensure that in-scope PCI Kubernetes Pods reside on "in- scope" Nodes only. These Nodes can only contain the "in-scope" Pods.
How should the organization achieve this objective?

• A.Add a nodeSelector field to the pod configuration to only use the Nodes labeled inscope: true.
• B.Create a node pool with the label inscope: true and a Pod Security Policy that only allows the Pods to run on Nodes with that label.
• C.Place a taint on the Nodes with the label inscope: true and effect NoSchedule and a toleration to match in the Pod configuration.
• D.Run all in-scope Pods in the namespace "in-scope-pci".

Comment: *

Name: *

Email: *

Verification: *

A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.
What should you do?

• A.Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.
• B.Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.
• C.Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.
• D.Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

Comment: *

Name: *

Email: *

Verification: *

You want to evaluate GCP for PCI compliance. You need to identify Google's inherent controls.
Which document should you review to find the information?

• A.Google Cloud Platform: Customer Responsibility Matrix
• B.PCI DSS Requirements and Security Assessment Procedures
• C.PCI SSC Cloud Computing Guidelines
• D.Product documentation for Compute Engine

Comment: *

Name: *

Email: *

Verification: *