A database administrator notices malicious activities within their Cloud SQL instance. The database administrator wants to monitor the API calls that read the configuration or metadata of resources. Which logs should the database administrator review?

• A.Admin Activity
• B.System Event
• C.Access Transparency
• D.Data Access

Comment: *

Name: *

Email: *

Verification: *

You want to protect the default VPC network from all inbound and outbound internet traffic. What action should you take?

• A.Create a Deny All inbound internet firewall rule.
• B.Create a Deny All outbound internet firewall rule.
• C.Create a new subnet in the VPC network with private Google access enabled.
• D.Create instances without external IP addresses only.

Comment: *

Name: *

Email: *

Verification: *

Your DevOps team uses Packer to build Compute Engine images by using this process:
1 Create an ephemeral Compute Engine VM.
2 Copy a binary from a Cloud Storage bucket to the VM's file system.
3 Update the VM's package manager.
4 Install external packages from the internet onto the VM.
Your security team just enabled the organizational policy. consrraints/compure.vnExtemallpAccess. to restrict the usage of public IP Addresses on VMs. In response your DevOps team updated their scripts to remove public IP addresses on the Compute Engine VMs however the build pipeline is failing due to connectivity issues.
What should you do?
Choose 2 answers

• A.Provision an HTTP load balancer with the VM in an unmanaged instance group to allow inbound connections from the internet to your VM.
• B.Enable Private Google Access on the subnet that the Compute Engine VM is deployed within.
• C.Provision a Cloud VPN tunnel in the same VPC and region as the Compute Engine VM.
• D.Update the VPC routes to allow traffic to and from the internet.
• E.Provision a Cloud NAT instance in the same VPC and region as the Compute Engine VM

Comment: *

Name: *

Email: *

Verification: *

As adoption of the Cloud Data Loss Prevention (DLP) API grows within the company, you need to optimize usage to reduce cost. DLP target data is stored in Cloud Storage and BigQuery. The location and region are identified as a suffix in the resource name.
Which cost reduction options should you recommend?

• A.Set appropriate rowsLimit value on BigQuery data hosted outside the US and set appropriate bytesLimitPerFile value on multiregional Cloud Storage buckets.
• B.Set appropriate rowsLimit value on BigQuery data hosted outside the US, and minimize transformation units on multiregional Cloud Storage buckets.
• C.Use rowsLimit and bytesLimitPerFile to sample data and use CloudStorageRegexFileSet to limit scans.
• D.Use FindingLimits and TimespanContfig to sample data and minimize transformation units.

Comment: *

Name: *

Email: *

Verification: *

A company's application is deployed with a user-managed Service Account key. You want to use Google- recommended practices to rotate the key.
What should you do?

• A.Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam- account=IAM_ACCOUNT.
• B.Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam- account=IAM_ACCOUNT --key=NEW_KEY.
• C.Create a new key, and use the new key in the application. Delete the old key from the Service Account.
• D.Create a new key, and use the new key in the application. Store the old key on the system as a backup key.

Comment: *

Name: *

Email: *

Verification: *