Professional-Cloud-Security-Engineer 無料問題集「Google Cloud Certified - Professional Cloud Security Engineer」
You control network traffic for a folder in your Google Cloud environment. Your folder includes multiple projects and Virtual Private Cloud (VPC) networks. You want to enforce on the folder level that egress connections are limited only to IP range 10.58.5.0/24 and only from the VPC network "dev-vpc". You want to minimize implementation and maintenance effort.
What should you do?
What should you do?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Your organization hosts a financial services application running on Compute Engine instances for a third-party company. The third-party company's servers that will consume the application also run on Compute Engine in a separate Google Cloud organization. You need to configure a secure network connection between the Compute Engine instances. You have the following requirements:
- The network connection must be encrypted.
- The communication between servers must be over private IP addresses.
What should you do?
- The network connection must be encrypted.
- The communication between servers must be over private IP addresses.
What should you do?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
A company is backing up application logs to a Cloud Storage bucket shared with both analysts and the administrator. Analysts should only have access to logs that do not contain any personally identifiable information (PII). Log files containing PII should be stored in another bucket that is only accessible by the administrator.
What should you do?
What should you do?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Your company's Google Cloud organization has about 200 projects and 1,500 virtual machines.
There is no uniform strategy for logs and events management, which reduces visibility for your security operations team. You need to design a logs management solution that provides visibility and allows the security team to view the environment's configuration.
What should you do?
There is no uniform strategy for logs and events management, which reduces visibility for your security operations team. You need to design a logs management solution that provides visibility and allows the security team to view the environment's configuration.
What should you do?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You are migrating an application into the cloud. The application will need to read data from a Cloud Storage bucket. Due to local regulatory requirements, you need to hold the key material used for encryption fully under your control and you require a valid rationale for accessing the key material.
What should you do?
What should you do?
正解:B
解答を投票する
Your company operates an application instance group that is currently deployed behind a Google Cloud load balancer in us-central-1 and is configured to use the Standard Tier network. The infrastructure team wants to expand to a second Google Cloud region, us-east-2. You need to set up a single external IP address to distribute new requests to the instance groups in both regions.
What should you do?
What should you do?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re- occurs.
What should you do?
What should you do?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)