Professional-Cloud-Security-Engineer 무료 덤프문제 온라인 액세스

You are routing all your internet facing traffic from Google Cloud through your on-premises internet connection. You want to accomplish this goal securely and with the highest bandwidth possible.
What should you do?

• A.Create a routing VM in Compute Engine Configure the default route with the VM as the next hop.
• B.Create an HA VPN connection to Google Cloud Replace the default 0 0 0 0/0 route.
• C.Configure Cloud Interconnect and route traffic through an on-premises firewall.
• D.Configure Cloud Interconnect with HA VPN Replace the default 0 0 0 0/0 route to an on-premises destination.

You must ensure that the keys used for at-rest encryption of your data are compliant with your organization's security controls. One security control mandates that keys get rotated every 90 days. You must implement an effective detection strategy to validate if keys are rotated as required. What should you do?

• A.Define a metric that checks for timely key updates by using Cloud Logging. If a key is not rotated after
  90 days, send an alert message through your incident notification channel.
• B.Analyze the crypto key versions of the keys by using data from Cloud Asset Inventory. If an active key is older than 90 days, send an alert message through your incident notification channel.
• C.Identify keys that have not been rotated by using Security Health Analytics. If a key is not rotated after
  90 days, a finding in Security Command Center is raised.
• D.Assess the keys in the Cloud Key Management Service by implementing code in Cloud Run. If a key is not rotated after 90 days, raise a finding in Security Command Center.

A company is running their webshop on Google Kubernetes Engine and wants to analyze customer transactions in BigQuery. You need to ensure that no credit card numbers are stored in BigQuery What should you do?

• A.Create a BigQuery view with regular expressions matching credit card numbers to query and delete affected rows.
• B.Use the Cloud Data Loss Prevention API to redact related infoTypes before data is ingested into BigQuery.
• C.Leverage Security Command Center to scan for the assets of type Credit Card Number in BigQuery.
• D.Enable Cloud Identity-Aware Proxy to filter out credit card numbers before storing the logs in BigQuery.

You are a security administrator at your company. Per Google-recommended best practices, you implemented the domain restricted sharing organization policy to allow only required domains to access your projects. An engineering team is now reporting that users at an external partner outside your organization domain cannot be granted access to the resources in a project. How should you make an exception for your partner's domain while following the stated best practices?

• A.Turn off the domain restricted sharing organization policy. Set the policy value to "Custom." Add each external partner's Cloud Identity or Google Workspace customer ID as an exception under the organization policy, and then turn the policy back on.
• B.Turn off the domain restricted sharing organization policy. Add each partner's Google Workspace customer ID to a Google group, add the Google group as an exception under the organization policy, and then turn the policy back on.
• C.Turn off the domain restricted sharing organization policy. Provide the external partners with the required permissions using Google's Identity and Access Management (IAM) service.
• D.Turn off the domain restriction sharing organization policy. Set the policy value to "Allow All."

You manage a fleet of virtual machines (VMs) in your organization. You have encountered issues with lack of patching in many VMs. You need to automate regular patching in your VMs and view the patch management data across multiple projects.
What should you do?
Choose 2 answers

• A.Deploy patches with Security Command Center by using Rapid Vulnerability Detection.
• B.View patch management data in a Security Command Center dashboard.
• C.View patch management data in Artifact Registry.
• D.Deploy patches with VM Manager by using OS patch management
• E.View patch management data in VM Manager by using OS patch management.