Google Cloud Certified - Professional Cloud Security Engineer - Professional-Cloud-Security-Engineer무료 덤프문제 풀어보기
Your company's storage team manages all product images within a specific Google Cloud project. To maintain control, you must isolate access to Cloud Storage for this project, allowing the storage team to manage restrictions at the project level. They must be restricted to using corporate computers. What should you do?
정답: C
설명: (Fast2test 회원만 볼 수 있음)
You are a member of the security team at an organization. Your team has a single GCP project with credit card payment processing systems alongside web applications and data processing systems. You want to reduce the scope of systems subject to PCI audit standards.
What should you do?
What should you do?
정답: A
설명: (Fast2test 회원만 볼 수 있음)
Your company is deploying a three-tier web application-web, application, and database-on Google Cloud.
You need to configure network isolation between tiers to minimize the attack surface. The web tier needs to be accessible from the public internet, the application tier should only be accessible from the web tier, and the database tier should only be accessible from the application tier. Your solution must follow Google- recommended practices. What should you do?
You need to configure network isolation between tiers to minimize the attack surface. The web tier needs to be accessible from the public internet, the application tier should only be accessible from the web tier, and the database tier should only be accessible from the application tier. Your solution must follow Google- recommended practices. What should you do?
정답: A
설명: (Fast2test 회원만 볼 수 있음)
Your company has deployed an artificial intelligence model in a central project. This model has a lot of sensitive intellectual property and must be kept strictly isolated from the internet. You must expose the model endpoint only to a defined list of projects in your organization. What should you do?
정답: C
설명: (Fast2test 회원만 볼 수 있음)
Your Google Cloud environment has one organization node, one folder named Apps." and several projects within that folder The organizational node enforces the constraints/iam.allowedPolicyMemberDomains organization policy, which allows members from the terramearth.com organization The "Apps" folder enforces the constraints/iam.allowedPolicyMemberDomains organization policy, which allows members from the flowlogistic.com organization. It also has the inheritFromParent: false property.
You attempt to grant access to a project in the Apps folder to the user [email protected].
What is the result of your action and why?
You attempt to grant access to a project in the Apps folder to the user [email protected].
What is the result of your action and why?
정답: A
설명: (Fast2test 회원만 볼 수 있음)
You are migrating an application into the cloud The application will need to read data from a Cloud Storage bucket. Due to local regulatory requirements, you need to hold the key material used for encryption fully under your control and you require a valid rationale for accessing the key material.
What should you do?
What should you do?
정답: A
설명: (Fast2test 회원만 볼 수 있음)
You need to connect your organization's on-premises network with an existing Google Cloud environment that includes one Shared VPC with two subnets named Production and Non-Production. You are required to:
Use a private transport link.
Configure access to Google Cloud APIs through private API endpoints originating from on-premises environments.
Ensure that Google Cloud APIs are only consumed via VPC Service Controls.
What should you do?
Use a private transport link.
Configure access to Google Cloud APIs through private API endpoints originating from on-premises environments.
Ensure that Google Cloud APIs are only consumed via VPC Service Controls.
What should you do?
정답: C
설명: (Fast2test 회원만 볼 수 있음)
Your team uses a service account to authenticate data transfers from a given Compute Engine virtual machine instance of to a specified Cloud Storage bucket. An engineer accidentally deletes the service account, which breaks application functionality. You want to recover the application as quickly as possible without compromising security.
What should you do?
What should you do?
정답: A
설명: (Fast2test 회원만 볼 수 있음)
You are a consultant for an organization that is considering migrating their data from its private cloud to Google Cloud. The organization's compliance team is not familiar with Google Cloud and needs guidance on how compliance requirements will be met on Google Cloud. One specific compliance requirement is for customer data at rest to reside within specific geographic boundaries. Which option should you recommend for the organization to meet their data residency requirements on Google Cloud?
정답: B
설명: (Fast2test 회원만 볼 수 있음)
Your company's detection and response team requires break-glass access to the Google Cloud organization in the event of a security investigation. At the end of each day, all security group membership is removed. You need to automate user provisioning to a Cloud Identity security group. You have created a service account to provision group memberships. Your solution must follow Google-recommended practices and comply with the principle of least privilege. What should you do?
정답: C
설명: (Fast2test 회원만 볼 수 있음)