Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.Which two settings must remain disabled to meet these requirements? (Choose two.)
Answer(s): A,C
https://cloud.google.com/vpc/docs/configure-private-google-access
Which two implied firewall rules are defined on a VPC network? (Choose two.)
Answer(s): A,B
Implied IPv4 allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send traffic to any destinationImplied IPv4 deny ingress rule. An ingress rule whose action is deny, source is 0.0.0.0/0, and priority is the lowest possible (65535) protects all instances by blocking incoming connections to them.https://cloud.google.com/vpc/docs/firewalls?hl=en#default_firewall_rules
A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.How should the customer achieve this using Google Cloud Platform?
Answer(s): B
Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.What should your team do to meet these requirements?
Answer(s): A
"In order to be able to keep using the existing identity management system, identities need to be synchronized between AD and GCP IAM. To do so google provides a tool called Cloud Directory Sync. This tool will read all identities in AD and replicate those within GCP. Once the identities have been replicated then it's possible to apply IAM permissions on the groups. After that you will configure SAML so google can act as a service provider and either you ADFS or other third party tools like Ping or Okta will act as the identity provider. This way you effectively delegate the authentication from Google to something that is under your control."
When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)
Answer(s): B,C
https://cloud.google.com/solutions/best-practices-for-building-containers https://cloud.google.com/architecture/best-practices-for-building- containers#solution_1_run_as_pid_1_and_register_signal_handlers
Share your comments for Google PROFESSIONAL CLOUD SECURITY ENGINEER exam with other users:
good one thanks
only got thru 5 questions, need more to evaluate
q26 should be b
the aaa triad in information security is authentication, accounting and authorisation so the answer should be d 1, 3 and 5.
need to attend this
these are free brain dumps i understand, how can one get free pdf
provide access
good morning
please upload the ncp-mci 6.5 dumps, really need to practice this one. thanks guys
question 16: https://help.salesforce.com/s/articleview?id=sf.care_console_overview.htm&type=5
yes i m prepared exam
my experience was great with this site as i studied for the ms-900 from here and got 900/1000 on the test. my main focus was on the tutorials which were provided and practice questions. thanks!
great course
very good question
question: 93 which statement is true regarding the result? sales contain 6 columns and values contain 7 columns so c is not right answer.
highly recommend just passed my exam.
great practice! thanks
anyone who wrote this exam recently?
kindly share the dump
could you please upload cfe fraud prevention and deterrence questions? it will be very much helpful.
this is really very very helpful for mcd level 1
very helpful!
question #18s answer should be a, not d. this should be corrected. it should be minvalidityperiod
thanks for the exact solution
need to refer the questions and have to give the exam
i need it right now if it was possible please
i need it very much please share it in the fastest time.
correct answer is d for student.java program
q:37 c is correct
q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???
explained answers
plan to take theaws certified developer - associate dva-c02 in the next few weeks
very helpfull
good questions