Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.
What should your team do to meet these requirements?

• A.Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
• B.Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.
• C.Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.
• D.Use the Admin SDK to create groups and assign IAM permissions from Active Directory.

Comment: *

Name: *

Email: *

Verification: *

A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container.
What should they do?

• A.Use Cloud Build to build the container images.
• B.Build small containers using small base images.
• C.Delete non-used versions from Container Registry.
• D.Use a Continuous Delivery tool to deploy the application.

Comment: *

Name: *

Email: *

Verification: *

You are the project owner for a regulated workload that runs in a project you own and manage as an Identity and Access Management (IAM) admin. For an upcoming audit, you need to provide access reviews evidence. Which tool should you use?

• A.Policy Troubleshooter
• B.Policy Analyzer
• C.IAM Recommender
• D.Policy Simulator

Comment: *

Name: *

Email: *

Verification: *

You are migrating an application into the cloud The application will need to read data from a Cloud Storage bucket. Due to local regulatory requirements, you need to hold the key material used for encryption fully under your control and you require a valid rationale for accessing the key material.
What should you do?

• A.Encrypt the data in the Cloud Storage bucket by using Customer Managed Encryption Keys. Configure an 1AM deny policy for unauthorized groups
• B.Encrypt the data in the Cloud Storage bucket by using Customer Managed Encryption Keys backed by a Cloud Hardware Security Module (HSM). Enable data access logs.
• C.Generate a key in your on-premises environment and store it in a Hardware Security Module (HSM) that is managed on-premises Use this key as an external key in the Cloud Key Management Service (KMS).
  Activate Key Access Justifications (KAJ) and set the external key system to reject unauthorized accesses.
• D.Generate a key in your on-premises environment to encrypt the data before you upload the data to the Cloud Storage bucket Upload the key to the Cloud Key ManagementService (KMS). Activate Key Access Justifications (KAJ) and have the external key system reject unauthorized accesses.

Comment: *

Name: *

Email: *

Verification: *

A company migrated their entire data/center to Google Cloud Platform. It is running thousands of instances across multiple projects managed by different departments. You want to have a historical record of what was running in Google Cloud Platform at any point in time.
What should you do?

• A.Use Resource Manager on the organization level.
• B.Use Forseti Security to automate inventory snapshots.
• C.Use Stackdriver to create a dashboard across all projects.
• D.Use Security Command Center to view all assets across the organization.

Comment: *

Name: *

Email: *

Verification: *