A company is deploying their application on Google Cloud Platform. Company policy requires long-term data to be stored using a solution that can automatically replicate data over at least two geographic places.
Which Storage solution are they allowed to use?

• A.Cloud Bigtable
• B.Cloud BigQuery
• C.Compute Engine SSD Disk
• D.Compute Engine Persistent Disk

Comment: *

Name: *

Email: *

Verification: *

You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account.
What should you do?

• A.Query Data Access logs.
• B.Query Admin Activity logs.
• C.Query Access Transparency logs.
• D.Query Stackdriver Monitoring Workspace.

Comment: *

Name: *

Email: *

Verification: *

A customer terminates an engineer and needs to make sure the engineer's Google account is automatically deprovisioned.
What should the customer do?

• A.Configure Cloud Directory Sync with their directory service to provision and deprovision users from Cloud Identity.
• B.Use the Cloud SDK with their directory service to provision and deprovision users from Cloud Identity.
• C.Use the Cloud SDK with their directory service to remove their IAM permissions in Cloud Identity.
• D.Configure Cloud Directory Sync with their directory service to remove their IAM permissions in Cloud Identity.

Comment: *

Name: *

Email: *

Verification: *

While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.
What should you do?

• A.Manually synchronize the data in Google domain with your existing Active Directory or LDAP server.
• B.Use Google Cloud Directory Sync to synchronize the data in Google domain with your existing Active Directory or LDAP server.
• C.Users sign in directly to the GCP Console using the credentials from your on-premises Kerberos compliant identity provider.
• D.Users sign in using OpenID (OIDC) compatible IdP, receive an authentication token, then use that token to log in to the GCP Console.

Comment: *

Name: *

Email: *

Verification: *

In an effort for your company messaging app to comply with FIPS 140-2, a decision was made to use GCP compute and network services. The messaging app architecture includes a Managed Instance Group (MIG) that controls a cluster of Compute Engine instances. The instances use Local SSDs for data caching and UDP for instance-to-instance communications. The app development team is willing to make any changes necessary to comply with the standard Which options should you recommend to meet the requirements?

• A.Encrypt all cache storage and VM-to-VM communication using the BoringCrypto module.
• B.Set Disk Encryption on the Instance Template used by the MIG to customer-managed key and use BoringSSL for all data transit between instances.
• C.Set Disk Encryption on the Instance Template used by the MIG to Google-managed Key and use BoringSSL library on all instance-to-instance communications.
• D.Change the app instance-to-instance communications from UDP to TCP and enable BoringSSL on clients' TLS connections.

Comment: *

Name: *

Email: *

Verification: *