Question 1

What type of networking design should an electric vehicle manufacturer company use on Google Cloud Platform (GCP) to centralize control over networking resources like firewall rules, subnets, and routes, and allow on-premises resources access back to GCP resources through a private VPN connection while enabling the network security team to control the networking resources?

Options :

A : Implementing a hub and spoke model for VPC peering across all engineering projects.

B : Implement a hub and spoke model by creating a Cloud VPN Gateway that connects all engineering projects.

C : The networking team should be given Compute Admin role for every engineering project.

D : A Shared VPC Network consists of a host project and multiple service projects.

Answer: D

Question 2

Your company must follow industry specific regulations. Therefore, you need to enforce customer-managed encryption keys (CMEK) for all new Cloud Storage resources in the organization called org1. What command should you execute?

Options :

A : • organization policy: constraints/gcp.restrictStorageNonCraekServices• binding at: orgl• policy type: deny• policy value: storage.gcogleapis.com

B : • organization policy: constraints/gcp.restrictHonCmekServices• binding at: orgl• policy type: deny• policy value: storage.googleapis.com

C : • organization policy:constraints/gcp.restrictStorageNonCraekServices• binding at: orgl• policy type: allow• policy value: all supported services

D : • organization policy: constramts/gcp.restrictNonCmekServices• binding at: orgl• policy type: allow• policy value: storage.googleapis.com

Answer: D

Question 3

A customer has 300 engineers. The company wants to grant different levels of access and efficiently manage IAM permissions between users in the development and production environment projects. Which two steps should the company take to meet these requirements? (Choose two.)

Options :

A : Create a project with multiple VPC networks for each environment.

B : Create a folder for each development and production environment.

C : Create a Google Group for the Engineering team, and assign permissions at the folder level.

D : Create an Organizational Policy constraint for each folder environment.

E : Create projects for each environment, and grant IAM rights to each engineering user.

Answer: B,C

Question 4

You need to implement an encryption-at-rest strategy that protects sensitive data and reduces key management complexity for non-sensitive data. Your solution has the following requirements: Schedule key rotation for sensitive data. Control which region the encryption keys for sensitive data are stored in. Minimize the latency to access encryption keys for both sensitive and non-sensitive data. What should you do?

Options :

A : Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.

B : Encrypt non-sensitive data and sensitive data with Cloud Key Management Service.

C : Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.

D : Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Senrice

Answer: D

Question 5

You have just created a new log bucket to replace the _Default log bucket. You want to route all log entries that are currently routed to the _Default log bucket to this new log bucket in the most efficient manner. What should you do?

Options :

A : Create a user-defined sink with inclusion filters copied from the _Default sink. Select the new log bucket as the sink destination.

B : Create exclusion filters for the _Default sink to prevent it from receiving new logs. Create a userdefined sink, and select the new log bucket as the sink destination.

C : Disable the _Default sink. Create a user-defined sink and select the new log bucket as the sink destination.

D : Edit the _Default sink, and select the new log bucket as the sink destination.

Answer: D

Free Professional-Cloud-Security-Engineer Mock Exam – Practice Online Confidently

Buying Options: