Question 1

As an AI consulting firm, your client is running their e-commerce website on Google Kubernetes Engine and requires customer transaction analysis in BigQuery. How can you ensure that credit card information is not stored in BigQuery?

Options :

A : Before ingesting data into BigQuery, utilize the Cloud Data Loss Prevention API to censor associated infoTypes.

B : To query and delete impacted rows, generate a BigQuery view that utilizes regular expressions to match credit card numbers.

C : Utilize Security Command Center to perform a scan in BigQuery for assets categorized as Credit Card Number.

D : To prevent the storage of credit card numbers in BigQuery logs, it is recommended to utilize Cloud Identity-Aware Proxy for filtration purposes.

Answer: A

Question 2

You have the following resource hierarchy. There is an organization policy at each node in the hierarchy as shown. Which load balancer types are denied in VPC A?

Options :

A : All load balancer types are denied in accordance with the global node-s policy.

B : INTERNAL_TCP_UDP, INTERNAL_HTTP_HTTPS is denied in accordance with the folder-s policy.

C : EXTERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY are denied in accordance with the project-s policy.

D : EXTERNAL TCP_PROXY, EXTERNAL_SSL_PROXY, INTERNAL TCP_UDP, and INTERNAL_HTTP_HTTPS are denied in accordance with the folder and project-s policies.

Answer: D

Question 3

You are responsible for managing your company's identities in Google Cloud. Your company enforces 2-Step Verification (2SV) for all users. You need to reset a user's access, but the user lost their second factor for 2SV. You want to minimize risk. What should you do?

Options :

A : On the Google Admin console, select the appropriate user account, and generate a backup code to allow the user to sign in. Ask the user to update their second factor.

B : On the Google Admin console, temporarily disable the 2SV requirements for all users. Ask the user to log in and add their new second factor to their account. Re-enable the 2SV requirement for all users.

C : On the Google Admin console, select the appropriate user account, and temporarily disable 2SV for this account. Ask the user to update their second factor, and then re-enable 2SV for this account.

D : On the Google Admin console, use a super administrator account to reset the user account-s credentials. Ask the user to update their credentials after their first login.

Answer: A

Question 4

A company has redundant mail servers in different Google Cloud Platform regions and wants to routecustomers to the nearest mail server based on location.How should the company accomplish this?

Options :

A : Configure TCP Proxy Load Balancing as a global load balancing service listening on port 995

B : Create a Network Load Balancer to listen on TCP port 995 with a forwarding rule to forward traffic based on location

C : Use Cross-Region Load Balancing with an HTTP(S) load balancer to route traffic to the nearest region.

D : Use Cloud CDN to route the mail traffic to the closest origin mail server based on client IP address.

Answer: A

Question 5

As an Online education platform company, you need to develop an internal App Engine application that can access a user's Google Drive without relying on current user credentials, while following Google's recommended practices. What steps should you take to accomplish this using Google Cloud Services?

Options :

A : To impersonate the user, you should create a new service account and provide it G Suite domain-wide delegation, which the application can use.

B : To ensure secure operations of the application, it is recommended to use a separate G Suite Admin account and authenticate the application-s activities using these credentials.

C : Generate a fresh Service account and assign Service Account User role to all the users of the application.

D : To grant access to all application users, a new Service account should be created and a Google Group should be created and all application users should be added to this group. Then, grant the Service Account User role to this group.

Answer: A

Free Professional-Cloud-Security-Engineer Mock Exam – Practice Online Confidently

Buying Options: