A customer wants to use Cloud Identity as their primary IdP. The customer wants to use other non-GCP SaaS products for CRM, messaging, and customer ticketing management. The customer also wants to improve employee experience with Single Sign-On (SSO) capabilities to securely access GCP and non-GCP applications. Only authorized individuals should be able to access these third-party applications. What action should the customer take to meet these requirements?

• A.Remove the employee from Cloud Identity, set the correct license for the individuals, and resync them to Cloud Identity for the changes to take effect.
• B.Configure third-party applications to federate authentication and authorization to the GCP IdP.
• C.Remove the individuals from the third-party applications, add the license to Cloud Identity, and resync the individuals back to the third-party applications.
• D.Copy user personas from Cloud Identity to all third-party applications for the domain.

Comment: *

Name: *

Email: *

Verification: *

A retail customer allows users to upload comments and product reviews. The customer needs to make sure the text does not include sensitive data before the comments or reviews are published.
Which Google Cloud Service should be used to achieve this?

• A.Cloud Data Loss Prevention API
• B.BigQuery
• C.Cloud Security Scanner
• D.Cloud Key Management Service

Comment: *

Name: *

Email: *

Verification: *

While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.
What should you do?

• A.Manually synchronize the data in Google domain with your existing Active Directory or LDAP server.
• B.Use Google Cloud Directory Sync to synchronize the data in Google domain with your existing Active Directory or LDAP server.
• C.Users sign in directly to the GCP Console using the credentials from your on-premises Kerberos compliant identity provider.
• D.Users sign in using OpenID (OIDC) compatible IdP, receive an authentication token, then use that token to log in to the GCP Console.

Comment: *

Name: *

Email: *

Verification: *

A customer wants to run a batch processing system on VMs and store the output files in a Cloud Storage bucket. The networking and security teams have decided that no VMs may reach the public internet.
How should this be accomplished?

• A.Provision a NAT Gateway to access the Cloud Storage API endpoint.
• B.Mount a Cloud Storage bucket as a local filesystem on every VM.
• C.Create a firewall rule to block internet traffic from the VM.
• D.Enable Private Google Access on the VPC.

Comment: *

Name: *

Email: *

Verification: *

A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer's internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP's native SYN flood protection.
Which product should be used to meet these requirements?

• A.Cloud CDN
• B.Cloud Armor
• C.Cloud Identity and Access Management
• D.VPC Firewall Rules

Comment: *

Name: *

Email: *

Verification: *