Free Professional-Cloud-Security-Engineer Exam Braindumps

A customer deployed an application on Compute Engine that takes advantage of the elastic nature of cloud computing.
How can you work with Infrastructure Operations Engineers to best ensure that Windows Compute Engine VMs are up to date with all the latest OS patches?

1. A. Build new base images when patches are available, and use a CI/CD pipeline to rebuild VMs, deploying incrementally.
2. B. Federate a Domain Controller into Compute Engine, and roll out weekly patches via Group Policy Object.
3. C. Use Deployment Manager to provision updated VMs into new serving Instance Groups (IGs).
4. D. Reboot all VMs during the weekly maintenance window and allow the StartUp Script to download the latest patches from the internet.

Correct Answer: D

A customer is collaborating with another company to build an application on Compute Engine. The customer is building the application tier in their GCP Organization, and the other company is building the storage tier in a different GCP Organization. This is a 3-tier web application. Communication between portions of the application must not traverse the public internet by any means.
Which connectivity option should be implemented?

1. A. VPC peering
2. B. Cloud VPN
3. C. Cloud Interconnect
4. D. Shared VPC

Correct Answer: B

Which international compliance standard provides guidelines for information security controls applicable to the provision and use of cloud services?

1. A. ISO 27001
2. B. ISO 27002
3. C. ISO 27017
4. D. ISO 27018

Correct Answer: C
Create a new Service Account that should be able to list the Compute Engine instances in the project. You want to follow Google-recommended practices.

Your company operates an application instance group that is currently deployed behind a Google Cloud load balancer in us-central-1 and is configured to use the Standard Tier network. The infrastructure team wants to expand to a second Google Cloud region, us-east-2. You need to set up a single external IP address to distribute new requests to the instance groups in both regions.
What should you do?

1. A. Change the load balancer backend configuration to use network endpoint groups instead of instance groups.
2. B. Change the load balancer frontend configuration to use the Premium Tier network, and add the new instance group.
3. C. Create a new load balancer in us-east-2 using the Standard Tier network, and assign a static external IP address.
4. D. Create a Cloud VPN connection between the two regions, and enable Google Private Access.

Correct Answer: A

Last week, a company deployed a new App Engine application that writes logs to BigQuery. No other workloads are running in the project. You need to validate that all data written to BigQuery was done using the App Engine Default Service Account.
What should you do?

1. A. * 1. Use StackDriver Logging and filter on BigQuery Insert Jobs.* 2. Click on the email address in line with the App Engine Default Service Account in the authentication field.* 3. Click Hide Matching Entrie
2. B. * 4. Make sure the resulting list is empty.
3. C. * 1. Use StackDriver Logging and filter on BigQuery Insert Jobs.* 2. Click on the email address in line with the App Engine Default Service Account in the authentication field.* 3. Click Show Matching Entrie
4. D. * 4. Make sure the resulting list is empty.
5. E. * 1. In BigQuery, select the related dataset.* 2. Make sure the App Engine Default Service Account is the only account that can write to the dataset.
6. F. * 1. Go to the IAM section on the project.* 2. Validate that the App Engine Default Service Account is the only account that has a role that can write to BigQuery.

Correct Answer: C