Professional-Cloud-Security-Engineer free question set: "Google Cloud Certified - Professional Cloud Security Engineer"
Employees at your company use their personal computers to access your organization's Google Cloud console.
You need to ensure that users can only access the Google Cloud console from their corporate-issued devices and verify that they have a valid enterprise certificate. What should you do?
Correct answer: D
You have numerous private virtual machines on Google Cloud. You occasionally need to manage the servers through Secure Socket Shell (SSH) from a remote location. You want to configure remote access to the servers in a manner that optimizes security and cost efficiency.
What should you do?
Correct answer: A
You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.
How should you prevent and fix this vulnerability?
Correct answer: D
Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer.
What type of Load Balancing should you use?
Correct answer: C
Your organization uses the top-tier folder to separate application environments (prod and dev). The developers need to see all application development audit logs, but they are not permitted to review production logs. Your security team can review all logs in production and development environments. You must grant Identity and Access Management (IAM) roles at the right resource level for the developers and security team while you ensure least privilege.
What should you do?
Correct answer: B
Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed service account keys for projects in their organization. How should you enforce this?
Correct answer: B
A company is using Google Kubernetes Engine (GKE) with container images of a mission-critical application. The company wants to scan the images for known security issues and securely share the report with the security team without exposing them outside Google Cloud.
What should you do?
Correct answer: A
A company migrated their entire data center to Google Cloud Platform. It is running thousands of instances across multiple projects managed by different departments. You want to have a historical record of what was running in Google Cloud Platform at any point in time.
What should you do?
Correct answer: B
You are responsible for managing your company's identities in Google Cloud. Your company enforces 2-Step Verification (2SV) for all users. You need to reset a user's access, but the user lost their second factor for 2SV.
You want to minimize risk. What should you do?
Correct answer: C
You are creating a new infrastructure CI/CD pipeline to deploy hundreds of ephemeral projects in your Google Cloud organization to enable your users to interact with Google Cloud. You want to restrict the use of the default networks in your organization while following Google-recommended best practices. What should you do?
Correct answer: D
Your company's cloud security policy dictates that VM instances should not have an external IP address. You need to identify the Google Cloud service that will allow VM instances without external IP addresses to connect to the internet to update the VMs. Which service should you use?
Correct answer: D
A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects.
Your team becomes aware of this and wants to take over managing permissions and auditing the domain resources.
Which type of access should your team grant to meet this requirement?
Correct answer: D