Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service.
Your team wants to manage permissions by AD group membership.
What should your team do to meet these requirements?

• A.Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
• B.Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.
• C.Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.
• D.Use the Admin SDK to create groups and assign IAM permissions from Active Directory.

Comment: *

Name: *

Email: *

Verification: *

A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They have a requirement to be able to manage and rotate the encryption keys.
Which boot disk encryption solution should you use on the cluster to meet this customer's requirements?

• A.Customer-supplied encryption keys (CSEK)
• B.Customer-managed encryption keys (CMEK) using Cloud Key Management Service (KMS)
• C.Encryption by default
• D.Pre-encrypting files before transferring to Google Cloud Platform (GCP) for analysis

Comment: *

Name: *

Email: *

Verification: *

You will create a new Service Account that should be able to list the Compute Engine instances in the project.
You want to follow Google-recommended practices.
What should you do?

• A.Create an Instance Template, and allow the Service Account Read Only access for the Compute Engine Access Scope.
• B.Create a custom role with the permission compute.instances.list and grant the Service Account this role.
• C.Give the Service Account the role of Compute Viewer, and use the new Service Account for all instances.
• D.Give the Service Account the role of Project Viewer, and use the new Service Account for all instances.

Comment: *

Name: *

Email: *

Verification: *

Your company plans to move most of its IT infrastructure to Google Cloud. They want to leverage their existing on-premises Active Directory as an identity provider for Google Cloud. Which two steps should you take to integrate the company's on-premises Active Directory with Google Cloud and configure access management? (Choose two.)

• A.Use Identity Platform to provision users and groups to Google Cloud.
• B.Use Cloud Identity SAML integration to provision users and groups to Google Cloud.
• C.Install Google Cloud Directory Sync and connect it to Active Directory and Cloud Identity.
• D.Create Identity and Access Management (1AM) roles with permissions corresponding to each Active Directory group.
• E.Create Identity and Access Management (1AM) groups with permissions corresponding to each Active Directory group.

Comment: *

Name: *

Email: *

Verification: *

Which Identity-Aware Proxy role should you grant to an Identity and Access Management (IAM) user to access HTTPS resources?

• A.Security Reviewer
• B.lAP-Secured Tunnel User
• C.lAP-Secured Web App User
• D.Service Broker Operator

Comment: *

Name: *

Email: *

Verification: *