You want to protect the default VPC network from all inbound and outbound internet traffic. What action should you take?

• A.Create a Deny All inbound internet firewall rule.
• B.Create a Deny All outbound internet firewall rule.
• C.Create a new subnet in the VPC network with private Google access enabled.
• D.Create instances without external IP addresses only.

Comment: *

Name: *

Email: *

Verification: *

As adoption of the Cloud Data Loss Prevention (DLP) API grows within the company, you need to optimize usage to reduce cost. DLP target data is stored in Cloud Storage and BigQuery. The location and region are identified as a suffix in the resource name.
Which cost reduction options should you recommend?

• A.Use FindingLimits and TimespanContfig to sample data and minimize transformation units.
• B.Set appropriate rowsLimit value on BigQuery data hosted outside the US, and minimize transformation units on multiregional Cloud Storage buckets.
• C.Set appropriate rowsLimit value on BigQuery data hosted outside the US and set appropriate bytesLimitPerFile value on multiregional Cloud Storage buckets.
• D.Use rowsLimit and bytesLimitPerFile to sample data and use CloudStorageRegexFileSet to limit scans.

Comment: *

Name: *

Email: *

Verification: *

You manage your organization's Security Operations Center (SOC). You currently monitor and detect network traffic anomalies in your Google Cloud VPCs based on packet header information. However, you want the capability to explore network flows and their payload to aid investigations. Which Google Cloud product should you use?

• A.Marketplace IDS
• B.Google Cloud Armor Deep Packet Inspection
• C.VPC Flow Logs
• D.Packet Mirroring
• E.VPC Service Controls logs

Comment: *

Name: *

Email: *

Verification: *

A customer wants to grant access to their application running on Compute Engine to write only to a specific Cloud Storage bucket. How should you grant access?

• A.Create a service account for the application, and grant Cloud Storage Object Creator permissions to the project.
• B.Create a service account for the application, and grant Cloud Storage Object Creator permissions at the bucket level.
• C.Create a user account, authenticate with the application, and grant Google Storage Admin permissions at the bucket level.
• D.Create a user account, authenticate with the application, and grant Google Storage Admin permissions at the project leve

Comment: *

Name: *

Email: *

Verification: *

In an effort for your company messaging app to comply with FIPS 140-2, a decision was made to use GCP compute and network services. The messaging app architecture includes a Managed Instance Group (MIG) that controls a cluster of Compute Engine instances. The instances use Local SSDs for data caching and UDP for instance-to-instance communications. The app development team is willing to make any changes necessary to comply with the standard Which options should you recommend to meet the requirements?

• A.Encrypt all cache storage and VM-to-VM communication using the BoringCrypto module.
• B.Change the app instance-to-instance communications from UDP to TCP and enable BoringSSL on clients' TLS connections.
• C.Set Disk Encryption on the Instance Template used by the MIG to customer-managed key and use BoringSSL for all data transit between instances.
• D.Set Disk Encryption on the Instance Template used by the MIG to Google-managed Key and use BoringSSL library on all instance-to-instance communications.

Comment: *

Name: *

Email: *

Verification: *