A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP). The CRM can only be accessed by someone on the corporate network. The customer wants to make it available over the internet. Your team requires an authentication layer in front of the application that supports two-factor authentication Which GCP product should the customer implement to meet these requirements?

• A.Cloud Identity-Aware Proxy
• B.Cloud Endpoints
• C.Cloud VPN
• D.Cloud Armor

Comment: *

Name: *

Email: *

Verification: *

You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account.
What should you do?

• A.Query Access Transparency logs.
• B.Query Data Access logs.
• C.Query Admin Activity logs.
• D.Query Stackdriver Monitoring Workspace.

Comment: *

Name: *

Email: *

Verification: *

You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer.
What should you do?

• A.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.
• B.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.
• C.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.
• D.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.

Comment: *

Name: *

Email: *

Verification: *

Your team wants to limit users with administrative privileges at the organization level.
Which two roles should your team restrict? (Choose two.)

• A.Super Admin
• B.Compute Admin
• C.Organization Administrator
• D.Organization Role Viewer
• E.GKE Cluster Admin

Comment: *

Name: *

Email: *

Verification: *

Your company is storing files on Cloud Storage. To comply with local regulations, you want to ensure that uploaded files cannot be deleted within the first 5 years. It should not be possible to lower the retention period after it has been set. What should you do?

• A.Apply a retention period of 5 years to the bucket, and lock the bucket.
• B.Enable Temporary hold and apply a retention period of 5 years to the bucket.
• C.Use Cloud IAM to ensure that nobody has an IAM role that has the permissions to delete files from Cloud Storage.
• D.Create an object lifecycle rule using the Age condition and the Delete action. Set the Age condition to 5 years.

Comment: *

Name: *

Email: *

Verification: *