A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They have a requirement to be able to manage and rotate the encryption keys.
Which boot disk encryption solution should you use on the cluster to meet this customer's requirements?

• A.Customer-supplied encryption keys (CSEK)
• B.Customer-managed encryption keys (CMEK) using Cloud Key Management Service (KMS)
• C.Encryption by default
• D.Pre-encrypting files before transferring to Google Cloud Platform (GCP) for analysis

Comment: *

Name: *

Email: *

Verification: *

Your company is storing files on Cloud Storage. To comply with local regulations, you want to ensure that uploaded files cannot be deleted within the first 5 years. It should not be possible to lower the retention period after it has been set. What should you do?

• A.Apply a retention period of 5 years to the bucket, and lock the bucket.
• B.Enable Temporary hold and apply a retention period of 5 years to the bucket.
• C.Use Cloud IAM to ensure that nobody has an IAM role that has the permissions to delete files from Cloud Storage.
• D.Create an object lifecycle rule using the Age condition and the Delete action. Set the Age condition to 5 years.

Comment: *

Name: *

Email: *

Verification: *

An organization receives an increasing number of phishing emails.
Which method should be used to protect employee credentials in this situation?

• A.Captcha on login pages
• B.Encrypted emails
• C.Multifactor Authentication
• D.A strict password policy

Comment: *

Name: *

Email: *

Verification: *

An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.
Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses Which solution should your team implement to meet these requirements?

• A.NAT Gateway
• B.Network Load Balancing
• C.Cloud Armor
• D.SSL Proxy Load Balancing

Comment: *

Name: *

Email: *

Verification: *

A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity- Aware Proxy.
What should the customer do to meet these requirements?

• A.Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
• B.Make sure that the ERP system can validate the identity headers in the HTTP requests.
• C.Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
• D.Make sure that the ERP system can validate the user's unique identifier headers in the HTTP requests.

Comment: *

Name: *

Email: *

Verification: *