You are responsible for managing your company's identities in Google Cloud. Your company enforces 2-Step Verification (2SV) for all users. You need to reset a user's access, but the user lost their second factor for 2SV.
You want to minimize risk. What should you do?

• A.On the Google Admin console, select the appropriate user account, and generate a backup code to allow the user to sign in. Ask the user to update their second factor.
• B.On the Google Admin console, temporarily disable the 2SV requirements for all users. Ask the user to log in and add their new second factor to their account. Re-enable the 2SV requirement for all users.
• C.On the Google Admin console, select the appropriate user account, and temporarily disable 2SV for this account Ask the user to update their second factor, and then re-enable 2SV for this account.
• D.On the Google Admin console, use a super administrator account to reset the user account's credentials.
  Ask the user to update their credentials after their first login.

Comment: *

Name: *

Email: *

Verification: *

A customer is collaborating with another company to build an application on Compute Engine.
The customer is building the application tier in their GCP Organization, and the other company is building the storage tier in a different GCP Organization. This is a 3-tier web application.
Communication between portions of the application must not traverse the public internet by any means.
Which connectivity option should be implemented?

• A.Cloud VPN
• B.Cloud Interconnect
• C.VPC peering
• D.Shared VPC

Comment: *

Name: *

Email: *

Verification: *

Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)

• A.Public IP
• B.IAM Network User Role
• C.Static routes
• D.IP Forwarding
• E.Private Google Access

Comment: *

Name: *

Email: *

Verification: *

What are the steps to encrypt data using envelope encryption?
A.Generate a data encryption key (DEK) locally.
* Use a key encryption key (KEK) to wrap the DEK.
* Encrypt data with the KEK.
* Store the encrypted data and the wrapped KEK.
B.Generate a key encryption key (KEK) locally.
* Use the KEK to generate a data encryption key (DEK).
* Encrypt data with the DEK.
* Store the encrypted data and the wrapped DEK.
C.Generate a data encryption key (DEK) locally.
* Encrypt data with the DEK.
* Use a key encryption key (KEK) to wrap the DEK.
* Store the encrypted data and the wrapped DEK.
D.Generate a key encryption key (KEK) locally.
* Generate a data encryption key (DEK) locally.
* Encrypt data with the KEK.
* Store the encrypted data and the wrapped DEK.

Comment: *

Name: *

Email: *

Verification: *

An organization's typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review.
How should you advise this organization?

• A.Use Forseti with Firewall filters to catch any unwanted configurations in production.
• B.Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.
• C.Route all VPC traffic through customer-managed routers to detect malicious patterns in production.
• D.All production applications will run on-premises. Allow developers free rein in GCP as their dev and QA platforms.

Comment: *

Name: *

Email: *

Verification: *