Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.Which two settings must remain disabled to meet these requirements? (Choose two.)
Answer(s): A,C
https://cloud.google.com/vpc/docs/configure-private-google-access
Which two implied firewall rules are defined on a VPC network? (Choose two.)
Answer(s): A,B
Implied IPv4 allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send traffic to any destinationImplied IPv4 deny ingress rule. An ingress rule whose action is deny, source is 0.0.0.0/0, and priority is the lowest possible (65535) protects all instances by blocking incoming connections to them.https://cloud.google.com/vpc/docs/firewalls?hl=en#default_firewall_rules
A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.How should the customer achieve this using Google Cloud Platform?
Answer(s): B
Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.What should your team do to meet these requirements?
Answer(s): A
"In order to be able to keep using the existing identity management system, identities need to be synchronized between AD and GCP IAM. To do so google provides a tool called Cloud Directory Sync. This tool will read all identities in AD and replicate those within GCP. Once the identities have been replicated then it's possible to apply IAM permissions on the groups. After that you will configure SAML so google can act as a service provider and either you ADFS or other third party tools like Ping or Okta will act as the identity provider. This way you effectively delegate the authentication from Google to something that is under your control."
When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)
Answer(s): B,C
https://cloud.google.com/solutions/best-practices-for-building-containers https://cloud.google.com/architecture/best-practices-for-building- containers#solution_1_run_as_pid_1_and_register_signal_handlers
Share your comments for Google PROFESSIONAL CLOUD SECURITY ENGINEER exam with other users:
please upload
prepping for fsc exam
pd1 with great experience
@t it seems like azure service bus message quesues could be the best solution
helpful to check your understanding.
question 128 the answer should be static not auto
more comments here
great support to appear for exams
useful dumps
making progress
q31 answer should be d i think
is this real?
q10: c and f are also true. q11: this is outdated. you no longer need ownership on a pipe to operate it
good questions with simple explanation
admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdrblocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s
very inciting
question 5, it seems a instead of d, because: - care plan = case - patient = person account - product = product2;
it look like real one
i am taking oracle fcc certification test next two days, pls share question dumps
i need dumps
its time to comptia sec+
question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).
helpful content
oracle 19c is complex db
helpful for practice
support team is fast and deeply knowledgeable. i appreciate that a lot.
helpful questions
thanks for question
the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.
i need exam questions nca 6.5 any help please ?
just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam
very helpful
i need this exam
nice questions... are these questions the same of the exam?