A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)

• A.Configure the project with Cloud VPN.
• B.Configure the project with Shared VPC.
• C.Configure the project with Cloud Interconnect.
• D.Configure the project with VPC peering.
• E.Configure all Compute Engine instances with Private Access.

Comment: *

Name: *

Email: *

Verification: *

A company is backing up application logs to a Cloud Storage bucket shared with both analysts and the administrator. Analysts should only have access to logs that do not contain any personally identifiable information (PII). Log files containing PII should be stored in another bucket that is only accessible by the administrator.
What should you do?

• A.Use Cloud Pub/Sub and Cloud Functions to trigger a Data Loss Prevention scan every time a file is uploaded to the shared bucket. If the scan detects PII, have the function move into a Cloud Storage bucket only accessible by the administrator.
• B.Upload the logs to both the shared bucket and the bucket only accessible by the administrator. Create a job trigger using the Cloud Data Loss Prevention API. Configure the trigger to delete any files from the shared bucket that contain PII.
• C.On the bucket shared with both the analysts and the administrator, configure Object Lifecycle Management to delete objects that contain any PII.
• D.On the bucket shared with both the analysts and the administrator, configure a Cloud Storage Trigger that is only triggered when PII data is uploaded. Use Cloud Functions to capture the trigger and delete such files.

Comment: *

Name: *

Email: *

Verification: *

Your organization is rolling out a new continuous integration and delivery (CI/CD) process to deploy infrastructure and applications in Google Cloud Many teams will use their own instances of the CI/CD workflow It will run on Google Kubernetes Engine (GKE) The CI/CD pipelines must be designed to securely access Google Cloud APIs What should you do?

• A.*1 Create two service accounts one for the infrastructure and one for the application deployment
  *2 Use workload identities to let the pods run the two pipelines and authenticate with the service accounts
  *3 Run the infrastructure and application pipelines in separate namespaces
• B.*1 Create a dedicated service account for the CI/CD pipelines
  *2 Run the deployment pipelines in a dedicated nodes pool in the GKE cluster
  *3 Use the service account that you created as identity for the nodes in the pool to authenticate to the Google Cloud APIs
• C.* 1 Create individual service accounts (or each deployment pipeline
  *2 Add an identifier for the pipeline in the service account naming convention
  *3 Ensure each pipeline runs on dedicated pods
  *4 Use workload identity to map a deployment pipeline pod with a service account
• D.*1 Create service accounts for each deployment pipeline
  *2 Generate private keys for the service accounts
  *3 Securely store the private keys as Kubernetes secrets accessible only by the pods that run the specific deploy pipeline

Comment: *

Name: *

Email: *

Verification: *

An organization receives an increasing number of phishing emails.
Which method should be used to protect employee credentials in this situation?

• A.Captcha on login pages
• B.A strict password policy
• C.Encrypted emails
• D.Multifactor Authentication

Comment: *

Name: *

Email: *

Verification: *

You need to implement an encryption-at-rest strategy that protects sensitive data and reduces key management complexity for non-sensitive dat a. Your solution has the following requirements:
Schedule key rotation for sensitive data.
Control which region the encryption keys for sensitive data are stored in.
Minimize the latency to access encryption keys for both sensitive and non-sensitive data.
What should you do?

• A.Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.
• B.Encrypt non-sensitive data and sensitive data with Cloud Key Management Service.
• C.Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.
• D.Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service.

Comment: *

Name: *

Email: *

Verification: *