Your team creates an ingress firewall rule to allow SSH access from their corporate IP range to a specific bastion host on Compute Engine. Your team wants to make sure that this firewall rule cannot be used by unauthorized engineers who may otherwise have access to manage VMs in the development environment. What should your team do to meet this requirement?

• A.Create the firewall rule with a target of a network tag. Centrally manage access to the tag.
• B.Create the firewall rule with a target of a service account. Centrally manage access to the service account.
• C.Create the firewall rule in a Shared VPC with a target of a network tag.
• D.Create the firewall rule in a Shared VPC with a target of a specific subnet.

Comment: *

Name: *

Email: *

Verification: *

In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized.
Which two cloud offerings meet this requirement without additional compensating controls? (Choose two.)

• A.App Engine
• B.Google Kubernetes Engine
• C.Cloud Functions
• D.Compute Engine
• E.Cloud Storage

Comment: *

Name: *

Email: *

Verification: *

When creating a secure container image, which two items should you incorporate into the build if possible?
(Choose two.)

• A.Package a single app as a container.
• B.Use public container images as a base image for the app.
• C.Use many container image layers to hide sensitive information.
• D.Remove any unnecessary tools not needed by the app.
• E.Ensure that the app does not run as PID 1.

Comment: *

Name: *

Email: *

Verification: *

Your team needs to make sure that their backend database can only be accessed by the frontend application and no other instances on the network.
How should your team design this network?

• A.Create an ingress firewall rule to allow access only from the application to the database using firewall tags.
• B.Create a different subnet for the frontend application and database to ensure network isolation.
• C.Create two VPC networks, and connect the two networks using Cloud VPN gateways to ensure network isolation.
• D.Create two VPC networks, and connect the two networks using VPC peering to ensure network isolation.

Comment: *

Name: *

Email: *

Verification: *

You are the security admin of your company. You have 3,000 objects in your Cloud Storage bucket. You do not want to manage access to each object individually. You also do not want the uploader of an object to always have full control of the object. However, you want to use Cloud Audit Logs to manage access to your bucket.
What should you do?

• A.Set up an ACL with OWNER permission to a scope of allUsers.
• B.Set up an ACL with READER permission to a scope of allUsers.
• C.Set up a default bucket ACL and manage access for users using IAM.
• D.Set up Uniform bucket-level access on the Cloud Storage bucket and manage access for users using IAM.

Comment: *

Name: *

Email: *

Verification: *