Question 1

An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters. Which Cloud Identity password guidelines can the organization use to inform their new requirements?

Options :

A : Set the minimum length for passwords to be 8 characters.

B : Set the minimum length for passwords to be 10 characters.

C : Set the minimum length for passwords to be 12 characters.

D : Set the minimum length for passwords to be 6 characters.

Answer: A

Question 2

You are a member of your company's security team. You have been asked to reduce your Linux bastion host external attack surface by removing all public IP addresses. Site Reliability Engineers (SREs) require access to the bastion host from public locations so they can access the internal VPC while off-site. How should you enable this access?

Options :

A : Implement Cloud VPN for the region where the bastion host lives.

B : Implement OS Login with 2-step verification for the bastion host.

C : Implement Identity-Aware Proxy TCP forwarding for the bastion host.

D : Implement Google Cloud Armor in front of the bastion host.

Answer: C

Question 3

You plan to deploy your cloud infrastructure using a CI/CD cluster hosted on Compute Engine. You want to minimize the risk of its credentials being stolen by a third party. What should you do?

Options :

A : Create a dedicated Cloud Identity user account for the cluster. Use a strong self-hosted vault solution to store the user-s temporary credentials

B : Create a dedicated Cloud Identity user account for the cluster. Enable the constraints/ iam.disableServiceAccountCreation organization policy at the project level.

C : Create a custom service account for the cluster Enable the constraints/iam. disableServiceAccountKeyCreation organization policy at the project level.

D : Create a custom service account for the cluster Enable the constraints/ iam.allowServiceAccountCredentialLifetimeExtension organization policy at the project level.

Answer: C

Question 4

You are consulting with a client that requires end-to-end encryption of application data (including data in transit, data in use, and data at rest) within Google Cloud. Which options should you utilize to accomplish this? (Choose two.)

Options :

A : External Key Manager

B : Customer-supplied encryption keys

C : Hardware Security Module

D : Confidential Computing and Istio

E : Client-side encryption

Answer: D,E

Question 5

As an Online education platform company, you need to develop an internal App Engine application that can access a user's Google Drive without relying on current user credentials, while following Google's recommended practices. What steps should you take to accomplish this using Google Cloud Services?

Options :

A : To impersonate the user, you should create a new service account and provide it G Suite domain-wide delegation, which the application can use.

B : To ensure secure operations of the application, it is recommended to use a separate G Suite Admin account and authenticate the application-s activities using these credentials.

C : Generate a fresh Service account and assign Service Account User role to all the users of the application.

D : To grant access to all application users, a new Service account should be created and a Google Group should be created and all application users should be added to this group. Then, grant the Service Account User role to this group.

Answer: A

Free Professional-Cloud-Security-Engineer Mock Exam – Practice Online Confidently

Buying Options: