Your team wants to limit users with administrative privileges at the organization level.
Which two roles should your team restrict? (Choose two.)

• A.Organization Administrator
• B.Super Admin
• C.GKE Cluster Admin
• D.Compute Admin
• E.Organization Role Viewer

Comment: *

Name: *

Email: *

Verification: *

A website design company recently migrated all customer sites to App Engine. Some sites are still in progress and should only be visible to customers and company employees from any location.
Which solution will restrict access to the in-progress sites?

• A.Enable Cloud Identity-Aware Proxy (IAP), and allow access to a Google Group that contains the customer and employee user accounts.
• B.Upload an .htaccess file containing the customer and employee user accounts to App Engine.
• C.Create an App Engine firewall rule that allows access from the customer and employee networks and denies all other traffic.
• D.Use Cloud VPN to create a VPN connection between the relevant on-premises networks and the company's GCP Virtual Private Cloud (VPC) network.

Comment: *

Name: *

Email: *

Verification: *

Which two implied firewall rules are defined on a VPC network? (Choose two.)

• A.A rule that allows all outbound connections
• B.A rule that denies all inbound connections
• C.A rule that blocks all inbound port 25 connections
• D.A rule that blocks all outbound connections
• E.A rule that allows all inbound port 80 connections

Comment: *

Name: *

Email: *

Verification: *

You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.
How should you prevent and fix this vulnerability?

• A.Use Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.
• B.Set up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.
• C.Use Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.
• D.Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.

Comment: *

Name: *

Email: *

Verification: *

You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and Access Management (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys.
What should you do?

• A.Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the KeyRing level.
• B.Create a KeyRing per persistent disk, with each Keying containing a single Key. Manage the IAM permissions at the Key level.
• C.Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the Key level.
• D.Create a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the KeyRing level.

Comment: *

Name: *

Email: *

Verification: *