An organization is starting to move its infrastructure from its on-premises environment to Google Cloud Platform (GCP). The first step the organization wants to take is to migrate its current data backup and disaster recovery solutions to GCP for later analysis. The organization's production environment will remain on-premises for an indefinite time. The organization wants a scalable and cost-efficient solution.
Which GCP solution should the organization use?

• A.Cloud Datastore using regularly scheduled batch upload jobs
• B.Compute Engine Virtual Machines using Persistent Disk
• C.Cloud Storage using a scheduled task and gsutil
• D.BigQuery using a data pipeline job with continuous updates

Comment: *

Name: *

Email: *

Verification: *

You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment at risk.
What should you do?

• A.Migrate the application into an isolated project using a "Lift & Shift" approach in a custom network. Disable all traffic within the VPC and look at the Firewall logs to determine what traffic should be allowed for the application to work properly.
• B.Refactor the application into a micro-services architecture hosted in Cloud Functions in an isolated project.
  Disable all traffic from outside your project using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
• C.Migrate the application into an isolated project using a "Lift & Shift" approach. Enable all internal TCP traffic using VPC Firewall rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
• D.Refactor the application into a micro-services architecture in a GKE cluster. Disable all traffic from outside the cluster using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

Comment: *

Name: *

Email: *

Verification: *

A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities.
Which service should be used to accomplish this?

• A.Google Cloud Audit Logs
• B.Forseti Security
• C.Cloud Armor
• D.Cloud Security Scanner

Comment: *

Name: *

Email: *

Verification: *

You are tasked with exporting and auditing security logs for login activity events for Google Cloud console and API calls that modify configurations to Google Cloud resources. Your export must meet the following requirements:
Export related logs for all projects in the Google Cloud organization.
Export logs in near real-time to an external SIEM.
What should you do? (Choose two.)

• A.Create a Log Sink at the organization level with the includeChildren parameter, and set the destination to a Pub/Sub topic.
• B.Enable Data Access audit logs at the organization level to apply to all projects.
• C.Create a Log Sink at the organization level with a Pub/Sub destination.
• D.Ensure that the SIEM processes the AuthenticationInfo field in the audit log entry to gather identity information.
• E.Enable Google Workspace audit logs to be shared with Google Cloud in the Admin Console.

Comment: *

Name: *

Email: *

Verification: *

Which two security characteristics are related to the use of VPC peering to connect two VPC networks?
(Choose two.)

• A.Central management of routes, firewalls, and VPNs for peered networks
• B.Ability to peer networks that belong to different Google Cloud Platform organizations
• C.Firewall rules that can be created with a tag from one peered network to another peered network
• D.Ability to share specific subnets across peered networks
• E.Non-transitive peered networks; where only directly peered networks can communicate

Comment: *

Name: *

Email: *

Verification: *