Last week, a company deployed a new App Engine application that writes logs to BigQuery. No other workloads are running in the project. You need to validate that all data written to BigQuery was done using the App Engine Default Service Account.
What should you do?

• A.1. In BigQuery, select the related dataset.
  2. Make sure the App Engine Default Service Account is the only account that can write to the dataset.
• B.1. Use StackDriver Logging and filter on BigQuery Insert Jobs.
  2.Click on the email address in line with the App Engine Default Service Account in the authentication field.
  3.Click Hide Matching Entries.
  4.Make sure the resulting list is empty.
• C.1. Go to the IAM section on the project.
  2. Validate that the App Engine Default Service Account is the only account that has a role that can write to BigQuery.
• D.1. Use StackDriver Logging and filter on BigQuery Insert Jobs.
  2.Click on the email address in line with the App Engine Default Service Account in the authentication field.
  3.Click Show Matching Entries.
  4.Make sure the resulting list is empty.

Comment: *

Name: *

Email: *

Verification: *

A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.
What should you do?

• A.Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.
• B.Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.
• C.Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.
• D.Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

Comment: *

Name: *

Email: *

Verification: *

Which international compliance standard provides guidelines for information security controls applicable to the provision and use of cloud services?

• A.ISO 27017
• B.ISO 27001
• C.ISO 27002
• D.ISO 27018

Comment: *

Name: *

Email: *

Verification: *

Your organization is transitioning to Google Cloud You want to ensure that only trusted container images are deployed on Google Kubernetes Engine (GKE) clusters in a project. The containers must be deployed from a centrally managed. Container Registry and signed by a trusted authority.
What should you do?
Choose 2 answers

• A.Configure the trusted image organization policy constraint for the project.
• B.Enable Container Threat Detection in the Security Command Center (SCC) for the project.
• C.Configure the Binary Authorization policy with respective attestations for the project.
• D.Enable Pod Security standards and set them to Restricted.
• E.Create a custom organization policy constraint to enforce Binary Authorization for Google Kubernetes Engine (GKE).

Comment: *

Name: *

Email: *

Verification: *

A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE).
How should the DevOps team accomplish this?

• A.Use Puppet or Chef to push out the patch to the running container.
• B.Verify that auto upgrade is enabled; if so, Google will upgrade the nodes in a GKE cluster.
• C.Update the application code or apply a patch, build a new image, and redeploy it.
• D.Configure containers to automatically upgrade when the base image is available in Container Registry.

Comment: *

Name: *

Email: *

Verification: *