Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pre-production projects. The development projects share the ABC-BILLING billing account with the rest of the organization.
Which logging export strategy should you use to meet the requirements?

• A.1. Export logs to a Cloud Pub/Sub topic with folders/NONPROD parent and includeChildren property set to True in a dedicated SIEM project.2. Subscribe SIEM to the topic.
• B.1. Export logs in each dev project to a Cloud Pub/Sub topic in a dedicated SIEM project.2. Subscribe SIEM to the topic.
• C.1. Create a Cloud Storage sink with a publicly shared Cloud Storage bucket in each project.2. Process Cloud Storage objects in SIEM.
• D.1. Create a Cloud Storage sink with billingAccounts/ABC-BILLING parent and includeChildren property set to False in a dedicated SIEM project.2. Process Cloud Storage objects in SIEM.

Comment: *

Name: *

Email: *

Verification: *

Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process.
What should you do?

• A.Use the Cloud Key Management Service to manage a data encryption key (DEK).
• B.Use the Cloud Key Management Service to manage a key encryption key (KEK).
• C.Use customer-supplied encryption keys to manage the data encryption key (DEK).
• D.Use customer-supplied encryption keys to manage the key encryption key (KEK).

Comment: *

Name: *

Email: *

Verification: *

A company is deploying their application on Google Cloud Platform. Company policy requires long-term data to be stored using a solution that can automatically replicate data over at least two geographic places.
Which Storage solution are they allowed to use?

• A.Cloud Bigtable
• B.Cloud BigQuery
• C.Compute Engine SSD Disk
• D.Compute Engine Persistent Disk

Comment: *

Name: *

Email: *

Verification: *

You need to set up two network segments: one with an untrusted subnet and the other with a trusted subnet. You want to configure a virtual appliance such as a next-generation firewall (NGFW) to inspect all traffic between the two network segments. How should you design the network to inspect the traffic?

• A.1. Set up two VPC networks: one trusted and the other untrusted.
  2. Configure a virtual appliance using multiple network interfaces, with each interface connected to one of the VPC networks.
• B.1. Set up one VPC with two subnets: one trusted and the other untrusted.
  2. Configure a custom route for all RFC1918 subnets pointed to the virtual appliance.
• C.1. Set up two VPC networks: one trusted and the other untrusted, and peer them together.
  2. Configure a custom route on each network pointed to the virtual appliance.
• D.1. Set up one VPC with two subnets: one trusted and the other untrusted.
  2. Configure a custom route for all traffic (0.0.0.0/0) pointed to the virtual appliance.

Comment: *

Name: *

Email: *

Verification: *

A customer's company has multiple business units. Each business unit operates independently, and each has their own engineering group. Your team wants visibility into all projects created within the company and wants to organize their Google Cloud Platform (GCP) projects based on different business units. Each business unit also requires separate sets of IAM permissions.
Which strategy should you use to meet these needs?

• A.Assign GCP resources in a project, with a label identifying which business unit owns the resource.
• B.Assign GCP resources in a VPC for each business unit to separate network access.
• C.Create an organization node, and assign folders for each business unit.
• D.Establish standalone projects for each business unit, using gmail.com accounts.

Comment: *

Name: *

Email: *

Verification: *