You are auditing all your Google Cloud resources in the production project. You want to identity all principals who can change firewall rules.
What should you do?

• A.Use Firewall Insights to understand your firewall rules usage patterns.
• B.Reference the Security Health Analytics - Firewall Vulnerability Findings in the Security Command Center.
• C.Use Policy Analyzer lo query the permissions compute, firewalls, create of compute, firewalls. Create of compute,firewalls.delete.
• D.Use Policy Analyzer to query the permissions compute, firewalls, get of compute, firewalls, list.

Comment: *

Name: *

Email: *

Verification: *

When working with agents in a support center via online chat, an organization's customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for review by internal or external analysts for customer service trend analysis.
Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?

• A.Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis.
• B.Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis.
• C.Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis.
• D.Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis.

Comment: *

Name: *

Email: *

Verification: *

A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities.
Which service should be used to accomplish this?

• A.Cloud Armor
• B.Google Cloud Audit Logs
• C.Cloud Security Scanner
• D.Forseti Security

Comment: *

Name: *

Email: *

Verification: *

You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer.
What should you do?

• A.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.
• B.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.
• C.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.
• D.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.

Comment: *

Name: *

Email: *

Verification: *

In a shared security responsibility model for IaaS, which two layers of the stack does the customer share responsibility for? (Choose two.)

• A.Hardware
• B.Network Security
• C.Storage Encryption
• D.Access Policies
• E.Boot

Comment: *

Name: *

Email: *

Verification: *