A customer's internal security team must manage its own encryption keys for encrypting data on Cloud Storage and decides to use customer-supplied encryption keys (CSEK).
How should the team complete this task?

• A.Upload the encryption key to a Cloud Storage bucket, and then upload the object to the same bucket.
• B.Use the gsutil command line tool to upload the object to Cloud Storage, and specify the location of the encryption key.
• C.Generate an encryption key in the Google Cloud Platform Console, and upload an object to Cloud Storage using the specified key.
• D.Encrypt the object, then use the gsutil command line tool or the Google Cloud Platform Console to upload the object to Cloud Storage.

Comment: *

Name: *

Email: *

Verification: *

You want to protect the default VPC network from all inbound and outbound internet traffic. What action should you take?

• A.Create a Deny All inbound internet firewall rule.
• B.Create a Deny All outbound internet firewall rule.
• C.Create a new subnet in the VPC network with private Google access enabled.
• D.Create instances without external IP addresses only.

Comment: *

Name: *

Email: *

Verification: *

You have defined subnets in a VPC within Google Cloud Platform. You need multiple projects to create Compute Engine instances with IP addresses from these subnets. What should you do?

• A.Configure Cloud VPN between the projects.
• B.Set up VPC peering between all related projects.
• C.Change the VPC subnets to enable private Google access.
• D.Use Shared VPC to share the subnets with the other projects.

Comment: *

Name: *

Email: *

Verification: *

You are a Security Administrator at your organization. You need to restrict service account creation capability within production environments. You want to accomplish this centrally across the organization. What should you do?

• A.Use organization policy constraints/iam.disableServiceAccountKeyCreation boolean to disable the creation of new service accounts.
• B.Use organization policy constraints/iam.disableServiceAccountKeyUpload boolean to disable the creation of new service accounts.
• C.Use organization policy constraints/iam.disableServiceAccountCreation boolean to disable the creation of new service accounts.
• D.Use Identity and Access Management (IAM) to restrict access of all users and service accounts that have access to the production environment.

Comment: *

Name: *

Email: *

Verification: *

You are a member of the security team at an organization. Your team has a single GCP project with credit card payment processing systems alongside web applications and data processing systems. You want to reduce the scope of systems subject to PCI audit standards.
What should you do?

• A.Use multi-factor authentication for admin access to the web application.
• B.Use only applications certified compliant with PA-DSS.
• C.Move the cardholder data environment into a separate GCP project.
• D.Use VPN for all connections between your office and cloud environments.

Comment: *

Name: *

Email: *

Verification: *