You want to evaluate GCP for PCI compliance. You need to identify Google's inherent controls.
Which document should you review to find the information?

• A.Google Cloud Platform: Customer Responsibility Matrix
• B.PCI DSS Requirements and Security Assessment Procedures
• C.PCI SSC Cloud Computing Guidelines
• D.Product documentation for Compute Engine

Comment: *

Name: *

Email: *

Verification: *

While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.
What should you do?

• A.Users sign in using OpenID (OIDC) compatible IdP, receive an authentication token, then use that token to log in to the GCP Console.
• B.Manually synchronize the data in Google domain with your existing Active Directory or LDAP server.
• C.Use Google Cloud Directory Sync to synchronize the data in Google domain with your existing Active Directory or LDAP server.
• D.Users sign in directly to the GCP Console using the credentials from your on-premises Kerberos compliant identity provider.

Comment: *

Name: *

Email: *

Verification: *

You are asked to recommend a solution to store and retrieve sensitive configuration data from an application that runs on Compute Engine. Which option should you recommend?

• A.Compute Engine custom metadata
• B.Compute Engine guest attributes
• C.Cloud Key Management Service
• D.Secret Manager

Comment: *

Name: *

Email: *

Verification: *

You are deploying regulated workloads on Google Cloud. The regulation has data residency and data access requirements. It also requires that support is provided from the same geographical location as where the data resides.
What should you do?

• A.Enable Access Transparency Logging.
• B.Deploy resources only to regions permitted by data residency requirements
• C.Use Data Access logging and Access Transparency logging to confirm that no users are accessing data from another region.
• D.Deploy Assured Workloads.

Comment: *

Name: *

Email: *

Verification: *

Your organization has implemented synchronization and SAML federation between Cloud Identity and Microsoft Active Directory. You want to reduce the risk of Google Cloud user accounts being compromised. What should you do?

• A.Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with security keys in the Google Admin console.
• B.Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with security keys in the Google Admin console.
• C.Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with verification codes via text or phone call in the Google Admin console.
• D.Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with verification codes via text or phone call in the Google Admin console.

Comment: *

Name: *

Email: *

Verification: *