An organization's security and risk management teams are concerned about where their responsibility lies for certain production workloads they are running in Google Cloud Platform (GCP), and where Google's responsibility lies. They are mostly running workloads using Google Cloud's Platform-as-a-Service (PaaS) offerings, including App Engine primarily.
Which one of these areas in the technology stack would they need to focus on as their primary responsibility when using App Engine?

• A.Configuring and monitoring VPC Flow Logs
• B.Defending against XSS and SQLi attacks
• C.Manage the latest updates and security patches for the Guest OS
• D.Encrypting all stored data

Comment: *

Name: *

Email: *

Verification: *

You are deploying a web application hosted on Compute Engine. A business requirement mandates that application logs are preserved for 12 years and data is kept within European boundaries. You want to implement a storage solution that minimizes overhead and is cost-effective. What should you do?

• A.Create a Cloud Storage bucket to store your logs in the EUROPE-WEST1 region. Modify your application code to ship logs directly to your bucket for increased efficiency.
• B.Configure your Compute Engine instances to use the Google Cloud's operations suite Cloud Logging agent to send application logs to a custom log bucket in the EUROPE-WEST1 region with a custom retention of 12 years.
• C.Use a Pub/Sub topic to forward your application logs to a Cloud Storage bucket in the EUROPE-WEST1 region.
• D.Configure a custom retention policy of 12 years on your Google Cloud's operations suite log bucket in the EUROPE-WEST1 region.

Comment: *

Name: *

Email: *

Verification: *

Your team needs to make sure that their backend database can only be accessed by the frontend application and no other instances on the network.
How should your team design this network?

• A.Create an ingress firewall rule to allow access only from the application to the database using firewall tags.
• B.Create a different subnet for the frontend application and database to ensure network isolation.
• C.Create two VPC networks, and connect the two networks using Cloud VPN gateways to ensure network isolation.
• D.Create two VPC networks, and connect the two networks using VPC peering to ensure network isolation.

Comment: *

Name: *

Email: *

Verification: *

A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)

• A.Configure the project with Shared VPC.
• B.Configure the project with Cloud VPN.
• C.Configure the project with Cloud Interconnect.
• D.Configure the project with VPC peering.
• E.Configure all Compute Engine instances with Private Access.

Comment: *

Name: *

Email: *

Verification: *

How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?

• A.Send all logs to the SIEM system via an existing protocol such as syslog.
• B.Configure every project to export all their logs to a common BigQuery DataSet, which will be queried by the SIEM system.
• C.Configure Organizational Log Sinks to export logs to a Cloud Pub/Sub Topic, which will be sent to the SIEM via Dataflow.
• D.Build a connector for the SIEM to query for all logs in real time from the GCP RESTful JSON APIs.

Comment: *

Name: *

Email: *

Verification: *