A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container.
What should they do?
You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment at risk.
What should you do?
As adoption of the Cloud Data Loss Prevention (DLP) API grows within the company, you need to optimize usage to reduce cost. DLP target data is stored in Cloud Storage and BigQuery. The location and region are identified as a suffix in the resource name.
Which cost reduction options should you recommend?
You manage a mission-critical workload for your organization, which is in a highly regulated industry The workload uses Compute Engine VMs to analyze and process the sensitive data after it is uploaded to Cloud Storage from the endpomt computers. Your compliance team has detected that this workload does not meet the data protection requirements for sensitive data. You need to meet these requirements;
* Manage the data encryption key (DEK) outside the Google Cloud boundary.
* Maintain full control of encryption keys through a third-party provider.
* Encrypt the sensitive data before uploading it to Cloud Storage
* Decrypt the sensitive data during processing in the Compute Engine VMs
* Encrypt the sensitive data in memory while in use in the Compute Engine VMs What should you do?
Choose 2 answers
You need to centralize your team's logs for production projects. You want your team to be able to search and analyze the logs using Logs Explorer. What should you do?
Enter your email address to download Google.Professional-Cloud-Security-Engineer.v2024-03-24.q252 Dumps
