You are the security admin of your company. You have 3,000 objects in your Cloud Storage bucket. You do not want to manage access to each object individually. You also do not want the uploader of an object to always have full control of the object. However, you want to use Cloud Audit Logs to manage access to your bucket.
What should you do?

• A.Set up an ACL with OWNER permission to a scope of allUsers.
• B.Set up an ACL with READER permission to a scope of allUsers.
• C.Set up a default bucket ACL and manage access for users using IAM.
• D.Set up Uniform bucket-level access on the Cloud Storage bucket and manage access for users using IAM.

Comment: *

Name: *

Email: *

Verification: *

You are part of a security team that wants to ensure that a Cloud Storage bucket in Project A can only be readable from Project B.
You also want to ensure that data in the Cloud Storage bucket cannot be accessed from or copied to Cloud Storage buckets outside the network, even if the user has the correct credentials.
What should you do?

• A.Enable VPC Service Controls, create a perimeter with Project A and B, and include Cloud Storage service.
• B.Enable Domain Restricted Sharing Organization Policy and Bucket Policy Only on the Cloud Storage bucket.
• C.Enable Private Access in Project A and B networks with strict firewall rules to allow communication between the networks.
• D.Enable VPC Peering between Project A and B networks with strict firewall rules to allow communication between the networks.

Comment: *

Name: *

Email: *

Verification: *

A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container.
What should they do?

• A.Use Cloud Build to build the container images.
• B.Build small containers using small base images.
• C.Delete non-used versions from Container Registry.
• D.Use a Continuous Delivery tool to deploy the application.
  Section: (none)
  Explanation

Comment: *

Name: *

Email: *

Verification: *

A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE).
How should the DevOps team accomplish this?

• A.Update the application code or apply a patch, build a new image, and redeploy it.
• B.Verify that auto upgrade is enabled; if so, Google will upgrade the nodes in a GKE cluster.
• C.Configure containers to automatically upgrade when the base image is available in Container Registry.
• D.Use Puppet or Chef to push out the patch to the running container.

Comment: *

Name: *

Email: *

Verification: *

Which type of load balancer should you use to maintain client IP by default while using the standard network tier?

• A.TCP/UDP Network
• B.TCP Proxy
• C.SSL Proxy
• D.Internal TCP/UDP

Comment: *

Name: *

Email: *

Verification: *